Red Hat Satellite vulnerabilities

7 known vulnerabilities affecting red_hat/red_hat_satellite.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 5

Vulnerabilities

CVE-2020-14380 | HIGH | CVSS 7.5 | Version: Red Hat Satellite 6.8 | 2021-06-02
CWE-287. An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite.
Source: cvelistv5

CVE-2020-14335 | MEDIUM | CVSS 5.5 | Version: Red Hat Satellite 6.9 | 2021-06-02
CWE-200. A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability.
Source: cvelistv5

CVE-2020-14371 | MEDIUM | CVSS 6.5 | Version: Red Hat Satellite 6.6.3, Red Hat Satellite 6.7 | 2021-06-02
CWE-200. A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.
Source: cvelistv5

CVE-2021-20256 | MEDIUM | CVSS 5.3 | Version: As shipped in Red Hat Satellite 6 | 2021-02-23
CWE-200. A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: cvelistv5

CVE-2020-14334 | HIGH | CVSS 8.8 | Version: 6 | 2020-07-31
CWE-522. A flaw was found in Red Hat Satellite 6 which allows a privileged attacker to read cache files. These cached credentials could help an attacker gain complete control of the Satellite instance.
Source: cvelistv5

CVE-2017-7513 | MEDIUM | CVSS 5.4 | Version: 5 | 2018-08-22
CWE-295. It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate.
Sources: cvelistv5, nvd

CVE-2017-7514 | MEDIUM | CVSS 5.4 | Version: 5.8.0 | 2018-07-30
CWE-79. A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.
Sources: cvelistv5, nvd