CVE-2020-14371

CWE-200Information ExposureCWE-22Path Traversal7 documents5 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 49.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Satellite
Timeline
PublishedJun 2
Latest updateMay 24

Description

A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5red_hat_satelliteRed Hat Satellite 6.6.3 Red Hat Satellite 6.7

🔴Vulnerability Details

2
GHSA
GHSA-cwhp-2whx-784h: A credential leak vulnerability was found in Red Hat Satellite2022-05-24
CVEList
CVE-2020-14371: A credential leak vulnerability was found in Red Hat Satellite2021-06-02

📋Vendor Advisories

2
Red Hat
Satellite: Compute resource credential leak2020-08-27
Red Hat
Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-143712020-02-20

💬Community

1
Bugzilla
CVE-2020-14371 Satellite: Compute resource credential leak2020-08-27
CVE-2020-14371 (MEDIUM CVSS 6.5) | A credential leak vulnerability was | cvebase.io