CVE-2020-14335: Infoleak
First published: Fri Jul 17 2020(Updated: )
Red Hat Satellite 6 allows local user of Smart-Proxy system to read OMAPI interface secret. Local user using the ISC DHCP server can read object mapping API (OMAPI) secret, as by default it listens on all interfaces for OMAPI interfaction.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/foreman | <0:2.3.1.20-1.el7 | 0:2.3.1.20-1.el7 |
| Redhat Satellite | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-14335?
CVE-2020-14335 is a vulnerability found in Red Hat Satellite that allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy.
How does CVE-2020-14335 impact system availability?
CVE-2020-14335 can result in a loss of system availability.
What is the severity of CVE-2020-14335?
CVE-2020-14335 has a severity level of 5.8 (medium).
Which software is affected by CVE-2020-14335?
Red Hat Satellite 2.3.1.20-1.el7 is affected by CVE-2020-14335.
How can the CVE-2020-14335 vulnerability be fixed?
To fix CVE-2020-14335, it is recommended to apply the appropriate patches provided by Red Hat.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-14335
- collector/redhat-cve
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- package-manager/redhat
- vendor/redhat
- canonical/redhat satellite
- version/redhat satellite/6.0