Eric Helms of Red Hat reports: Users can access resources in other organizations via the API if they can guess the name of the resource as access restrictions are not properly enforced.
Acknowledgments: Name: Eric Helms (Red Hat)
This issue has been addressed in the following products: Red Hat Satellite 6.3 for RHEL 7 Via RHSA-2018:0336 https://access.redhat.com/errata/RHSA-2018:0336