
11 matches found

RedHat Linux
added 2026/03/26 8:28 p.m., 6 views

rubyipmi: Red Hat Satellite: Remote Code Execution in rubyipmi via malicious BMC username

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...

CVSS 8.8 | AI score 7.7 | EPSS 0.00771
Exploits: 0 | References: 4
Snyk
added 2026/02/27 9:30 a.m., 2 views

Command Injection

Overview: rubyipmi is a command line wrapper for ipmitool and freeipmi that controls IPMI devices. Affected versions of this package are vulnerable to Command Injection via the username parameter in the BMC interface. An attacker can execute arbitrary system commands by supplying a specially crafted...

CVSS 8.8 | AI score 6.2 | EPSS 0.00771
Exploits: 0 | References: 2
Github Security Blog
added 2026/02/27 9:30 a.m., 8 views

rubyipmi is vulnerable to OS Command Injection through malicious usernames

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...

CVSS 8.8 | AI score 6.5 | EPSS 0.00771
Exploits: 0 | References: 9 | Affected Software: 1
OSV
added 2026/02/27 8:17 a.m., 5 views

CVE-2026-0980

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...

CVSS 8.8 | AI score 6.4 | EPSS 0.00771
Exploits: 0 | References: 2
CVE
added 2026/02/27 7:30 a.m., 17 views

CVE-2026-0980

The CVE-2026-0980 issue involves the rubyipmi gem used by Red Hat Satellite’s BMC component. Affected component: rubyipmi (BMC interface). Underlying cause: authenticated attacker with host creation or update permissions can craft a malicious username to trigger remote code execution (RCE) on the...

CVSS 8.8 | AI score 6.5 | EPSS 0.00771
Exploits: 0 | References: 5 | Affected Software: 1
RedHat Linux
added 2023/11/14 3:39 p.m., 5 views

fwupd: world readable password in /etc/fwupd/redfish.conf

A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...

CVSS 6.5 | AI score 5.8 | EPSS 0.00602
Exploits: 0 | References: 4
Veracode
added 2021/12/03 12:41 a.m., 23 views

Information Disclosure

satellite is vulnerable to information disclosure. The vulnerability exists because the BMC interface exposes the password through the API to an authenticated local attacker with viewhosts permission...

CVSS 5.3 | AI score 2.2 | EPSS 0.00257
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2021/02/23 11:15 p.m., 13 views

CVE-2021-20256

A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 5.3 | EPSS 0.00257
Exploits: 0 | References: 1
Prion
added 2021/02/23 11:15 p.m., 21 views

Design/Logic Flaw

A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 4.6 | AI score 5.4 | EPSS 0.00257
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/02/23 10:31 p.m., 18 views

CVE-2021-20256

A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

AI score 5.8 | EPSS 0.00257
Exploits: 0 | References: 1
RedhatCVE
added 2021/02/19 8:3 p.m., 28 views

CVE-2021-20256

A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 6.3 | AI score 2.7 | EPSS 0.00257
Exploits: 0 | References: 3