CVE-2020-10710

MEDIUM

4.4

CVSS Severity Score

EPSS Score0.1360%

EPSS Percentile9.33th

PublishedAug 16, 2022

Last ModifiedNov 21, 2024

Vulnerability Description

A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password.

Affected Platforms (CPE)

📦

Theforeman

Foreman

< 1.24.1.22

References & Advisories

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1816747

Related Vulnerabilities

CVE-2018-146439.8

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this fl...

CVE-2017-75409.8

rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Rub...

CVE-2016-44758.8

The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticat...

CVE-2021-35908.8

A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSO...