Back to bug 1939701
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Yadnyawalk Tale | 2021-03-16 20:50:13 UTC | CC | security-response-team | |
| Yadnyawalk Tale | 2021-03-16 20:58:43 UTC | Summary | EMBARGOED foreman-proxy: Clients can perform reserved actions on Satellite Server through OpenSCAP plugin | EMBARGOED smart_proxy_openscap: Clients can perform reserved actions on Satellite Server through OpenSCAP plugin |
| Yadnyawalk Tale | 2021-03-16 20:59:26 UTC | Comment | 0 | updated |
| Yadnyawalk Tale | 2021-03-16 21:01:39 UTC | Summary | EMBARGOED smart_proxy_openscap: Clients can perform reserved actions on Satellite Server through OpenSCAP plugin | EMBARGOED smart_proxy_openscap: Clients can perform reserved actions on Satellite Server through OpenSCAP plugin for Capsule |
| Yadnyawalk Tale | 2021-03-16 21:06:38 UTC | Depends On | 1939709 | |
| Yadnyawalk Tale | 2021-03-17 13:22:17 UTC | Summary | EMBARGOED smart_proxy_openscap: Clients can perform reserved actions on Satellite Server through OpenSCAP plugin for Capsule | EMBARGOED CVE-2021-20290 smart_proxy_openscap: Clients can perform reserved actions on Satellite Server through OpenSCAP plugin for Capsule |
| Alias | CVE-2021-20290 | |||
| RaTasha Tillery-Smith | 2021-03-17 18:58:30 UTC | Doc Text | An improper authorization handling flaw was found in the Red Hat Satellite. OpenSCAP plugin for the Capsule allows Satellite Clients to execute actions that should be limited to the Satellite Server. This flaw allows an authenticated local attacker to access and deletion of limited resources and can also cause a denial of service on the Satellite server. | An improper authorization handling flaw was found in Red Hat Satellite. The OpenSCAP plugin for the Capsule allows Satellite Clients to execute actions that should be limited to the Satellite Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Satellite server. The highest threat from this vulnerability is to integrity and system availability. |
| Yadnyawalk Tale | 2021-03-18 18:41:23 UTC | Doc Text | An improper authorization handling flaw was found in Red Hat Satellite. The OpenSCAP plugin for the Capsule allows Satellite Clients to execute actions that should be limited to the Satellite Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Satellite server. The highest threat from this vulnerability is to integrity and system availability. | An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability. |
| Summary | EMBARGOED CVE-2021-20290 smart_proxy_openscap: Clients can perform reserved actions on Satellite Server through OpenSCAP plugin for Capsule | EMBARGOED CVE-2021-20290 smart_proxy_openscap: Clients can perform reserved actions on Foreman Server through OpenSCAP plugin for smart-proxy | ||
| Yadnyawalk Tale | 2021-03-18 18:44:11 UTC | Comment | 0 | updated |
| Yadnyawalk Tale | 2021-03-19 13:32:45 UTC | Comment | 2 | updated |
| Yadnyawalk Tale | 2021-03-19 13:44:54 UTC | Deadline | 2021-03-29 | |
| Yadnyawalk Tale | 2021-03-19 14:02:34 UTC | Deadline | 2021-03-29 | 2021-03-30 |
| Yadnyawalk Tale | 2021-03-19 14:34:37 UTC | Comment | 6 | updated |
| Yadnyawalk Tale | 2021-03-22 14:50:58 UTC | CC | egolov | |
| Doc Type | --- | If docs needed, set a value | ||
| Yadnyawalk Tale | 2021-03-30 10:22:38 UTC | Group | security, qe_staff | |
| Deadline | 2021-03-30 | |||
| Summary | EMBARGOED CVE-2021-20290 smart_proxy_openscap: Clients can perform reserved actions on Foreman Server through OpenSCAP plugin for smart-proxy | CVE-2021-20290 smart_proxy_openscap: Clients can perform reserved actions on Foreman Server through OpenSCAP plugin for smart-proxy | ||
| Marian Rehak | 2021-03-31 09:46:28 UTC | Blocks | 1945042 | |
| Tomer Brisker | 2021-12-14 09:23:51 UTC | CC | tbrisker | |
| Marian Rehak | 2022-03-24 17:07:29 UTC | Fixed In Version | smart_proxy_openscap 0.9.1 | |
| Red Hat Bugzilla | 2022-07-18 09:51:10 UTC | CC | mmccune | |
| Red Hat Bugzilla | 2023-05-15 20:18:51 UTC | CC | btotty | |
| Red Hat Bugzilla | 2023-07-07 08:28:42 UTC | CC | security-response-team | |
| Assignee | security-response-team | nobody |
Back to bug 1939701