An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Satellite, independent of the organization the host belongs to. This flaw affects all Satellite 6 versions.
Find out more about CVE-2018-14666 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
CVSS3 Base Score | 6.8 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | High |
User Interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | High |
Platform | Package | State |
---|---|---|
Red Hat Satellite 6 | foreman | Will not fix |