{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-12T00:00:00", "descriptions": [{"lang": "en", "value": "Red Hat Satellite 6 allows local users to access mongod and delete pulp_database."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192249"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:10:51.350Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192249"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8168", "datePublished": "2017-08-28T15:00:00", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2024-08-06T13:10:51.350Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Red Hat Satellite 6 allows local users to access mongod and delete pulp_database."}, {"lang": "es", "value": "Red Hat Satellite 6 permite que los usuarios locales accedan a mongod y borren pulp_database."}], "id": "CVE-2014-8168", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-28T15:29:00.423", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192249"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192249"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Jan Huta\u0159 (Red Hat).", "bugzilla": {"description": "Satellite: Local user can access MongoDB and delete database", "id": "1192249", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192249"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-862", "details": ["Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.", "A missing authorization flaw was found in Red Hat Satellite. This flaw allows a malicious local user to access MongoDB on the Satellite server and delete the pulp_database, leading to corruption in the Satellite database. The highest threat from this vulnerability is confidentiality, integrity, and system availability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2014-8168", "package_state": [{"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "satellite", "product_name": "Red Hat Satellite 6"}], "public_date": "2015-02-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-8168\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8168"], "statement": "Red Hat Satellite should not be accessed locally by untrusted users, thus this flaw is considered as a moderate impact only. Satellite is removing MongoDB support in future product releases. Public announcement: https://www.redhat.com/en/blog/red-hat-satellite-standardize-postgresql-backend", "threat_severity": "Moderate"}

{}