Satellite@6.0 Security Vulnerabilities and Issues — Satellite@6.0 CVE List

Lucene search

RedhatSatellite6.0

7 matches found

CVE•added 2019/01/13 2:29 a.m.•66 views

CVE-2018-16887

A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to mali...

5.4CVSS5.4AI score0.00261EPSS

CVE•added 2019/08/01 2:15 p.m.•63 views

CVE-2014-8183

It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.

7.4CVSS7.3AI score0.00153EPSS

CVE•added 2019/04/09 4:29 p.m.•61 views

CVE-2019-3893

In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control...

4.9CVSS5.5AI score0.01281EPSS

CVE•added 2019/11/05 3:15 p.m.•57 views

CVE-2013-6460

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

6.5CVSS6.4AI score0.02521EPSS

CVE•added 2019/11/05 3:15 p.m.•47 views

CVE-2013-6461

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

6.5CVSS6.4AI score0.02046EPSS

CVE•added 2019/12/13 1:15 p.m.•46 views

CVE-2014-0241

rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable