Satellite

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-04	CVE-2024-7012	Improper Authentication vulnerability in Redhat Satellite 6.13/6.14/6.15 An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. network low complexity redhat CWE-287 critical	9.8
2024-09-04	CVE-2024-7923	Improper Authentication vulnerability in Redhat Satellite 6.13/6.14/6.15 An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. network low complexity redhat CWE-287 critical	9.8
2024-06-05	CVE-2024-3716	Unspecified vulnerability in Redhat Satellite 6.0 A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. local low complexity redhat	6.2
2024-06-05	CVE-2024-4812	Cross-site Scripting vulnerability in multiple products A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. network low complexity redhat katello-project CWE-79	4.8
2023-12-18	CVE-2023-4320	Insufficient Session Expiration vulnerability in Redhat Satellite An arithmetic overflow flaw was found in Satellite when creating a new personal access token. network low complexity redhat CWE-613	7.5
2023-11-14	CVE-2023-5189	Path Traversal vulnerability in Redhat Ansible Automation Platform and Satellite A path traversal vulnerability exists in Ansible when extracting tarballs. network low complexity redhat CWE-22	6.5
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2023-10-04	CVE-2023-1832	Incorrect Authorization vulnerability in multiple products An improper access control flaw was found in Candlepin. network low complexity candlepinproject redhat CWE-863	8.1
2023-10-03	CVE-2023-4886	A sensitive information exposure vulnerability was found in foreman. local low complexity theforeman redhat	4.4
2023-09-22	CVE-2022-3874	OS Command Injection vulnerability in multiple products A command injection flaw was found in foreman. network low complexity redhat theforeman CWE-78 critical	9.1