CVE-2025-12790
- EPSS 0.06%
- Published 06.11.2025 21:15:40
- Last modified 12.11.2025 16:20:22
A flaw was found in Rubygem MQTT. By default, the package previously did not have hostname validation, resulting in a possible Man-in-the-Middle (MITM) attack.
- EPSS 0.15%
- Published 05.11.2025 07:32:14
- Last modified 06.11.2025 19:45:30
A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validatio...
CVE-2025-2157
- EPSS 0.03%
- Published 15.03.2025 06:35:52
- Last modified 15.03.2025 07:15:34
A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information d...
- EPSS 0.06%
- Published 20.12.2024 16:15:23
- Last modified 12.05.2025 21:15:46
Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed. The problem described was intended behavior and therefore not a bug.
CVE-2024-7012
- EPSS 0.2%
- Published 04.09.2024 14:15:14
- Last modified 06.11.2024 09:15:04
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restriction...
CVE-2024-7923
- EPSS 0.37%
- Published 04.09.2024 14:15:14
- Last modified 24.11.2024 19:15:05
An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of r...
CVE-2024-3716
- EPSS 0.06%
- Published 05.06.2024 15:15:12
- Last modified 21.11.2024 09:30:13
A flaw was found in foreman-installer when puppet-candlepin invokes cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password.
CVE-2024-4812
- EPSS 0.11%
- Published 05.06.2024 15:15:12
- Last modified 21.11.2024 09:43:40
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.
CVE-2024-4871
- EPSS 1.79%
- Published 14.05.2024 16:17:37
- Last modified 21.11.2024 09:43:45
A vulnerability was found in Satellite. When running a remote execution job on a host, the host's SSH key is not being checked. When the key changes, the Satellite still connects to it because it uses "-o StrictHostKeyChecking=no". This flaw can lead to...
CVE-2023-4320
- EPSS 0.05%
- Published 18.12.2023 14:15:09
- Last modified 21.11.2024 08:34:50
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the syst...