CVE-2020-10716

Published: May 27, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitive data. This flaw affects tfm-rubygem-foreman_ansible versions before 4.0.3.4.

Affected (3)

Products: Redhat: Satellite, Satellite Capsule · Theforeman: Foreman Ansible

2 products

Satellite Capsule

1 product

Foreman Ansible

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Satellite	Version 6.7
Redhat Satellite Capsule	Version 6.7
Theforeman Foreman Ansible	Before 4.0.3.4

Related CWEs

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1814998

Source: secalert@redhat.com

Issue TrackingPermissions RequiredVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1827300

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1814998

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions RequiredVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1827300

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.