Bug 1638156 (CVE-2018-14666)
Summary: | CVE-2018-14666 Satellite: Smart class parameters allow users to access other organizations | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Richard Maciel Costa <rcosta> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bbuckingham, bcourt, bkearney, inecas, mhulan, mmccune, mrike, ohadlevy, orabin, rankumar, rchan, rjerrido, security-response-team, tjay, yjog |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change the configuration of any host registered in Satellite, independent of the organization the host belongs to. This flaw affects all Satellite 6 versions. |
Last Closed: | 2019-01-08 18:02:35 UTC | Type: | --- |
Bug Depends On: | 1638555, 1638556 | ||
Bug Blocks: | 1636281 |
Description
Richard Maciel Costa
2018-10-11 00:24:48 UTC
Acknowledgments: Name: Pat Riehecky (Fermilab)