Vulnerabilities > Redhat > Satellite

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-7012 Improper Authentication vulnerability in Redhat Satellite 6.13/6.14/6.15
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration.
network
low complexity
redhat CWE-287
critical
9.8
2024-09-04 CVE-2024-7923 Unspecified vulnerability in Redhat Satellite 6.13/6.14/6.15
An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration.
network
low complexity
redhat
critical
9.8
2024-06-05 CVE-2024-3716 Unspecified vulnerability in Redhat Satellite 6.0
A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter.
local
low complexity
redhat
6.2
2024-06-05 CVE-2024-4812 A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user.
network
low complexity
redhat katello-project
4.8
2023-12-18 CVE-2023-4320 Insufficient Session Expiration vulnerability in Redhat Satellite
An arithmetic overflow flaw was found in Satellite when creating a new personal access token.
network
low complexity
redhat CWE-613
7.5
2023-11-14 CVE-2023-5189 Relative Path Traversal vulnerability in Redhat Ansible Automation Platform and Satellite
A path traversal vulnerability exists in Ansible when extracting tarballs.
network
low complexity
redhat CWE-23
6.5
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-10-04 CVE-2023-1832 Incorrect Authorization vulnerability in multiple products
An improper access control flaw was found in Candlepin.
network
low complexity
candlepinproject redhat CWE-863
8.1
2023-10-03 CVE-2023-4886 A sensitive information exposure vulnerability was found in foreman.
local
low complexity
theforeman redhat
4.4
2023-09-22 CVE-2022-3874 OS Command Injection vulnerability in multiple products
A command injection flaw was found in foreman.
network
low complexity
redhat theforeman CWE-78
critical
9.1