Impact: Moderate
Public Date: 2017-08-14
CWE: CWE-284
Bugzilla: 1480886: CVE-2014-8183 foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization

It was found that foreman in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.

Find out more about CVE-2014-8183 from the MITRE CVE dictionary and NIST NVD.

CVSS3 Base Score | 7.4 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | None |
Scope | Changed |
Confidentiality | Low |
Integrity Impact | Low |
Availability Impact | Low |

Platform | Errata | Release Date |
---|---|---|
Red Hat Satellite 6.3 | RHSA-2018:0336 | 2018-02-21 |
Red Hat Satellite Capsule 6.3 | RHSA-2018:0336 | 2018-02-21 |

Platform | Package | State |
---|---|---|
Red Hat Satellite 6 | security | Will not fix |