CVE-2020-10716
First published: Thu Apr 23 2020(Updated: )
The "User input" entry from Job Invocation may contain plaintext password or other sensitive data. As a result, anyone who could view the job invocation could see it. The fix was to restrict the ability to view Job Invocation to users to are entitle to execute it.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/tfm-rubygem-foreman_ansible | <4.0.3.4 | 4.0.3.4 |
| Redhat Satellite | =6.7 | |
| Redhat Satellite Capsule | =6.7 | |
| Theforeman Foreman Ansible | <4.0.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-10716?
CVE-2020-10716 is a vulnerability found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted, allowing a malicious user to search for passwords and sensitive data.
How does CVE-2020-10716 affect Red Hat Satellite?
CVE-2020-10716 affects Red Hat Satellite 6.7 and Red Hat Satellite Capsule 6.7.
What is the severity of CVE-2020-10716?
CVE-2020-10716 has a severity rating of medium with a CVSS score of 6.5.
How can I fix CVE-2020-10716?
To fix CVE-2020-10716, upgrade to tfm-rubygem-foreman_ansible version 4.0.3.4 or apply the necessary updates from Red Hat.
Where can I find more information about CVE-2020-10716?
More information about CVE-2020-10716 can be found in the references provided: [1], [2], [3].
- collector/redhat-bugzilla
- alias/CVE-2020-10716
- collector/nvd-index
- package-manager/redhat
- vendor/redhat
- canonical/redhat satellite
- version/redhat satellite/6.7
- canonical/redhat satellite capsule
- version/redhat satellite capsule/6.7
- vendor/theforeman
- canonical/theforeman foreman ansible