CVE-2020-14334

CWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
8.8HIGH
EPSS
0.1%
top 70.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Satellite
Timeline
PublishedJul 31
Latest updateMay 24

Description

A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

CVEListV5red_hat_satellite6

🔴Vulnerability Details

2
GHSA
GHSA-cjmx-h785-pr4r: A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files2022-05-24
CVEList
CVE-2020-14334: A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files2020-07-31

📋Vendor Advisories

1
Red Hat
foreman: unauthorized cache read on RPM-based installations through local user2020-07-28

💬Community

1
Bugzilla
CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user2020-07-17
CVE-2020-14334 (HIGH CVSS 8.8) | A flaw was found in Red Hat Satelli | cvebase.io