It was found that foreman, versions 1.x.x prior to 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
theforeman foreman |
||
redhat satellite 6.0 |