On Foreman, Shellhooks plugin for smart-proxy introduce a flaw which allows any client to perform actions of Foreman Server.
Name: Evgeni Golov (Red Hat)
Upstream: Foreman project
Red Hat Satellite 6 does not ship the smart_proxy_shellhooks plugin, which is affected by the vulnerability. This flaw affects upstream Foreman only.
To mitigate the flaw, disable the smart_proxy_shellhooks plugin from the Server.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):