Redhat Satellite vulnerabilities

CVE-2021-3589 [HIGH] CWE-306 CVE-2021-3589: An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissio An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2021-3584 [HIGH] CWE-78 CVE-2021-3584: A server side remote code execution vulnerability was found in Foreman project. A authenticated atta A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.

CVE-2021-42550 [MEDIUM] CWE-502 CVE-2021-42550: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit config In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

CVE-2021-44420 [HIGH] CVE-2021-44420: In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with t In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

CVE-2020-14380 [HIGH] CWE-287 CVE-2020-14380: An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with prop An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite.

CVE-2020-14371 [MEDIUM] CWE-200 CVE-2020-14371: A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resour A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.

CVE-2020-14335 [MEDIUM] CWE-200 CVE-2020-14335: A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets thro A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability.

CVE-2020-10716 [MEDIUM] CWE-285 CVE-2020-10716: A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properl A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitive data. This flaw affects tfm-rubygem-foreman_ansible versions before 4.0.3.4.

CVE-2021-3413 [MEDIUM] CWE-200 CVE-2021-3413: A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A cr A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2021-20256 [MEDIUM] CWE-200 CVE-2021-20256: A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-14334 [HIGH] CWE-522 CVE-2020-14334: A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance.

CVE-2020-10693 [MEDIUM] CWE-20 CVE-2020-10693: A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation proc A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.

CVE-2012-6685 [HIGH] CWE-776 CVE-2012-6685: Nokogiri before 1.5.4 is vulnerable to XXE attacks Nokogiri before 1.5.4 is vulnerable to XXE attacks

CVE-2014-3590 [MEDIUM] CWE-352 CVE-2014-3590: Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in t Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.

CVE-2014-0241 [MEDIUM] CWE-522 CVE-2014-0241: rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable

CVE-2013-2101 [MEDIUM] CWE-79 CVE-2013-2101: Katello has multiple XSS issues in various entities Katello has multiple XSS issues in various entities

CVE-2012-5562 [HIGH] CWE-319 CVE-2012-5562: A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentia A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties.

CVE-2013-6460 [MEDIUM] CWE-776 CVE-2013-6460: Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

CVE-2013-6461 [MEDIUM] CWE-776 CVE-2013-6461: Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

CVE-2019-17631 [CRITICAL] CWE-285 CVE-2019-17631: From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.