Bug 1930352 (CVE-2021-3413) - CVE-2021-3413 Satellite: Azure compute resource secret_key leak to authenticated users
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-3413
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1928786 1930367
Blocks: 1929261 1930362
Reported: 2021-02-18 17:44 UTC by Yadnyawalk Tale
Modified: 2021-12-14 18:47 UTC

Fixed In Version: tfm-rubygem-foreman_azure_rm 2.2.0
Clone Of:
Environment:
Last Closed: 2021-11-11 05:58:22 UTC
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2021:4702 | 0 | None | None | None | 2021-11-16 14:07:57 UTC

Description Yadnyawalk Tale 2021-02-18 17:44:16 UTC
A credential leak vulnerability was found in Red Hat Satellite through Azure Resource Manager. This flaw exposes the compute resources credentials within the Satellite.

Comment 1 Yadnyawalk Tale 2021-02-18 17:44:22 UTC
Acknowledgments:

Name: Evgeni Golov (Red Hat)

Comment 2 Yadnyawalk Tale 2021-02-18 17:44:26 UTC
Statement:

Red Hat Satellite is vulnerable to the compute resource credential leak. Red Hat Product Security has rated this flaw as having a security impact of Moderate. Please refer to https://access.redhat.com/security/updates/classification for clarification on the scoring.

Comment 5 errata-xmlrpc 2021-11-16 14:07:55 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.10 for RHEL 7

Via RHSA-2021:4702 https://access.redhat.com/errata/RHSA-2021:4702

