Summary
Detail | |||
---|---|---|---|
Vendor | Redhat | First view | 2021-05-27 |
Product | Satellite | Last view | 2023-12-18 |
Version | 6.7 | Type | Application |
Update | - | ||
Edition | * | ||
Language | * | ||
Software Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:redhat:satellite |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
7.5 | 2023-12-18 | CVE-2023-4320 | An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity. |
8.1 | 2022-08-26 | CVE-2021-3414 | A flaw was found in Satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality. |
6.5 | 2021-05-27 | CVE-2020-10716 | A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitive data. This flaw affects tfm-rubygem-foreman_ansible versions before 4.0.3.4. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-613 | Insufficient Session Expiration |
50% (1) | CWE-281 | Improper Preservation of Permissions |