KeyPairsController#show bypasses taxonomy scoping, allowing authenticated users with view_keypairs permission to download private SSH keys across organizations by directly querying key pair IDs. This results in cross-tenant data exposure in multi-tenant deployments.

Requirements to exploit:
- Authenticated user account
- Permission view_keypairs (e.g., via Viewer role)
- Ability to guess or enumerate KeyPair IDs (low complexity due to predictable IDs)
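The scoping gap described above, as an added Ruby illustration that is not Foreman or Satellite source code: it contrasts a lookup that checks only the permission with one that also restricts the collection to the caller's organizations, plus a regression check for cross-tenant reads. Every class, method and data value here is hypothetical and constructed; only the view_keypairs permission name comes from the report.

```ruby
# Added illustration; not Foreman/Satellite source. All names except the
# view_keypairs permission are hypothetical, and the data is constructed.
KeyPair = Struct.new(:id, :organization_id, :secret)
User    = Struct.new(:login, :permissions, :organization_ids)

class NotFound < StandardError; end
class Forbidden < StandardError; end

# Constructed sample data: two tenants, one key pair each.
KEY_PAIRS = [
  KeyPair.new(1, 10, "<org-10 private key placeholder>"),
  KeyPair.new(2, 20, "<org-20 private key placeholder>")
].freeze

def authorize!(user)
  raise Forbidden unless user.permissions.include?(:view_keypairs)
end

# Pattern described in the report: the permission is checked, but the record
# is fetched from the global collection by ID alone.
def show_unscoped(user, id)
  authorize!(user)
  KEY_PAIRS.find { |kp| kp.id == id } or raise NotFound
end

# Hardened form: narrow the collection to the caller's organizations first,
# then look up by ID, so an out-of-scope ID looks the same as a missing one.
def show_scoped(user, id)
  authorize!(user)
  visible = KEY_PAIRS.select { |kp| user.organization_ids.include?(kp.organization_id) }
  visible.find { |kp| kp.id == id } or raise NotFound
end

# Regression check: IDs outside the user's organizations that `lookup` returns.
def cross_tenant_leaks(user, lookup)
  foreign = KEY_PAIRS.reject { |kp| user.organization_ids.include?(kp.organization_id) }
  readable = foreign.select do |kp|
    begin
      send(lookup, user, kp.id)
      true
    rescue NotFound
      false
    end
  end
  readable.map(&:id)
end

VIEWER = User.new("viewer-org10", [:view_keypairs], [10])
```

A check of this shape, run against every resource type that belongs to an organization, catches the same class of bug in controllers other than the one named here.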
This issue has been addressed in the following products:

  Red Hat Satellite 6.17 for RHEL 9

Via RHSA-2026:34366 https://access.redhat.com/errata/RHSA-2026:34366

This issue has been addressed in the following products:

  Red Hat Satellite 6.18 for RHEL 9

Via RHSA-2026:34368 https://access.redhat.com/errata/RHSA-2026:34368

This issue has been addressed in the following products:

  Red Hat Satellite 6.16 for RHEL 8
  Red Hat Satellite 6.16 for RHEL 9

Via RHSA-2026:34367 https://access.redhat.com/errata/RHSA-2026:34367