First published: Fri Jul 17 2020
Red Hat Satellite 6 allows a local user of the instance to read cache files. The credentials exposed this way give full access via the API, so a local user on the Foreman server can gain complete access to the instance.
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Satellite with Embedded Oracle | | |
The severity of REDHAT-BUG-1858284 is critical due to the potential for local users to gain full access to the API.
To fix REDHAT-BUG-1858284, update Red Hat Satellite to the latest version that contains the security patches.
Any local user with access to an instance of Red Hat Satellite 6 may be affected by REDHAT-BUG-1858284.
The risks associated with REDHAT-BUG-1858284 include unauthorized access to sensitive data and potential manipulation of instance settings.
A temporary workaround for REDHAT-BUG-1858284 is to restrict local user access until a patch is applied.