CVE-2020-14380

CWE-287Improper Authentication5 documents5 sources
Severity
7.5HIGH
EPSS
0.3%
top 45.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Satellite
Timeline
PublishedJun 2
Latest updateMay 24

Description

An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

NVDredhat/satellite6.7.2
CVEListV5red_hat_satelliteRed Hat Satellite 6.8

🔴Vulnerability Details

2
GHSA
GHSA-j9wh-q5x6-q8gp: An account takeover flaw was found in Red Hat Satellite 62022-05-24
CVEList
CVE-2020-14380: An account takeover flaw was found in Red Hat Satellite 62021-06-02

📋Vendor Advisories

1
Red Hat
Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover2020-08-31

💬Community

1
Bugzilla
CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover2020-08-31
CVE-2020-14380 (HIGH CVSS 7.5) | An account takeover flaw was found | cvebase.io