Bug 1858302 (CVE-2020-14335)
Summary: | CVE-2020-14335 foreman: world-readable OMAPI secret through the ISC DHCP server | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Yadnyawalk Tale <ytale> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bbuckingham, bcourt, bkearney, btotty, hhudgeon, hlawatschek, lzap, mmccune, nmoumoul, oezr, rchan, rjerrido, security-response-team, sokeeffe |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-04-21 16:46:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1858311 | ||
Bug Blocks: | 1858290 |
Description
Yadnyawalk Tale
2020-07-17 13:43:58 UTC
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Acknowledgments: Name: Foreman Upstream: Peter Bray (illumino Pty Ltd, Australia) This issue has been addressed in the following products: Red Hat Satellite 6.8 for RHEL 7 Via RHSA-2021:1313 https://access.redhat.com/errata/RHSA-2021:1313 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14335 |