1816747 – (CVE-2020-10710) CVE-2020-10710 foreman-installer: Candlepin plaintext password disclosure while Satellite update

Bug 1816747 (CVE-2020-10710) - CVE-2020-10710 foreman-installer: Candlepin plaintext password disclosure while Satellite update

Summary: CVE-2020-10710 foreman-installer: Candlepin plaintext password disclosure whi...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-10710
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1824612 1865995
Blocks:	1816748
TreeView+	depends on / blocked

Reported:	2020-03-24 16:08 UTC by Pedro Sampaio
Modified:	2022-10-02 21:54 UTC (History)
CC List:	19 users (show)
Fixed In Version:	foreman-installer 1.24.1.22
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password.
Clone Of:
Environment:
Last Closed:	2021-12-10 05:28:00 UTC
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2020-03-24 16:08:01 UTC

Plaintext Candlepin password disclosed while updating Red Hat Satellite through satellite-installer. An attacker with sufficiently high privileges, such as root, can retrieve Candlepin plaintext password.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1809497

Comment 4 Yadnyawalk Tale 2020-04-21 14:22:06 UTC

Acknowledgments:

Name: Katherine M. Hosch (Louisiana Technical Consulting)

Note You need to log in before you can comment on or make changes to this bug.