Brian Bouterse of Red Hat reports:
Satellite 6 uses a single CA to generate sign all certs; that CA is trusted by
the Qpid brokers on the server, capsule, dispatch router, httpd, etc. By design,
content hosts only should connect to httpd and the dispatch router. A user with
root access to a content host has access to these certs and could authenticate
to the server broker or the capsule broker.
This issue was discovered by Brian Bouterse of Red Hat.