{"containers": {"cna": {"affected": [{"product": "qpid-dispatch-router", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "fixed in Satellite >= 6.2"}, {"status": "affected", "version": "fixed in Satellite 6.1 - Optional"}, {"status": "affected", "version": "fixed in Satellite Capsule 6.1"}]}], "descriptions": [{"lang": "en", "value": "A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-05-14T16:06:06", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3845"}, {"name": "RHSA-2019:1223", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1223"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:19:18.596Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3845"}, {"name": "RHSA-2019:1223", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1223"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3845", "datePublished": "2019-04-11T14:31:40", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.596Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*", "matchCriteriaId": "940654DB-6470-4A4C-BAF2-285F47DC24CC", "versionEndExcluding": "6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands."}, {"lang": "es", "value": "Se encontr\u00f3 una falta de control de acceso en las colas de mensajes mantenidas por el broker QPID de Satellite y usadas por katello-agent en versiones anteriores a Satellite 6.2, Satellite 6.1 opcional y Satellite Capsule 6.1. Un usuario malintencionado autenticado en un host registrado en Satellite (o Capsule) puede usar este fallo para acceder a los m\u00e9todos de QMF en cualquier host tambi\u00e9n registrado en Satellite (o Capsule) y ejecutar comandos privilegiados."}], "id": "CVE-2019-3845", "lastModified": "2020-10-15T14:43:07.380", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-11T15:29:00.510", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1223"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mitigation", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3845"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Pavel Moravec (Red Hat).", "affected_release": [{"advisory": "RHSA-2019:1223", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "gofer", "product_name": "Red Hat Enterprise Virtualization 2", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "katello-host-tools", "product_name": "Red Hat Enterprise Virtualization 2", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "pulp", "product_name": "Red Hat Enterprise Virtualization 2", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "pulp-rpm", "product_name": "Red Hat Enterprise Virtualization 2", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "python-isodate", "product_name": "Red Hat Enterprise Virtualization 2", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qpid-proton", "product_name": "Red Hat Enterprise Virtualization 2", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "foreman", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "future", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "gofer", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "katello-host-tools", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "openscap", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "pulp", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "pulp-puppet", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "pulp-rpm", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "puppet-agent", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "python-argcomplete", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "python-beautifulsoup4", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "python-hashlib", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "python-isodate", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "python-psutil", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "python-uuid", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "qpid-proton", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "rubygem-foreman_scap_client", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "rubygem-json", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "rubygems", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "satellite", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-ror52", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-ror52-rubygem-mime-types", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-ror52-rubygem-mime-types-data", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-ror52-rubygem-multi_json", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-apipie-bindings", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-awesome_print", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-clamp", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-domain_name", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-fast_gettext", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-hammer_cli", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-hammer_cli_csv", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-hammer_cli_foreman", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-hammer_cli_foreman_admin", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-hammer_cli_foreman_ansible", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-hammer_cli_foreman_bootdisk", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-hammer_cli_foreman_discovery", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-hammer_cli_foreman_docker", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-hammer_cli_foreman_openscap", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-hammer_cli_foreman_remote_execution", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-hammer_cli_foreman_tasks", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-hammer_cli_foreman_templates", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-hammer_cli_foreman_virt_who_configure", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-hammer_cli_katello", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-hashie", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-highline", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-http-cookie", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-little-plugger", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-locale", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-logging", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-netrc", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-oauth", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-powerbar", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-rest-client", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-unf", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-unf_ext", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-unicode", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tfm-rubygem-unicode-display_width", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1223", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "tracer", "product_name": "Red Hat Satellite 6", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "katello-installer-base-0:3.0.0.105-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "libwebsockets-0:2.1.0-3.el6", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "python-qpid-0:1.35.0-5.el6", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "qpid-cpp-0:1.36.0-19.el6", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "qpid-dispatch-0:0.8.0-10.el6", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "qpid-proton-0:0.16.0-12.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "satellite-0:6.2.16.1-1.0.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "tfm-rubygem-foreman_theme_satellite-0:0.1.47.5-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "tfm-rubygem-katello-0:3.0.0.171-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "tfm-rubygem-qpid_messaging-0:1.36.0-6.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "katello-installer-base-0:3.0.0.105-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "libwebsockets-0:2.1.0-3.el6", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "python-qpid-0:1.35.0-5.el6", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "qpid-cpp-0:1.36.0-19.el6", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "qpid-dispatch-0:0.8.0-10.el6", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "qpid-proton-0:0.16.0-12.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "satellite-0:6.2.16.1-1.0.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "tfm-rubygem-foreman_theme_satellite-0:0.1.47.5-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "tfm-rubygem-katello-0:3.0.0.171-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "tfm-rubygem-qpid_messaging-0:1.36.0-6.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "katello-installer-base-0:3.0.0.105-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "libwebsockets-0:2.1.0-3.el7", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "python-qpid-0:1.35.0-5.el7", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "qpid-cpp-0:1.36.0-19.el7", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "qpid-dispatch-0:0.8.0-16.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "qpid-proton-0:0.16.0-12.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "satellite-0:6.2.16.1-1.0.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "tfm-rubygem-foreman_theme_satellite-0:0.1.47.5-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "tfm-rubygem-katello-0:3.0.0.171-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "tfm-rubygem-qpid_messaging-0:1.36.0-6.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "katello-installer-base-0:3.0.0.105-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "libwebsockets-0:2.1.0-3.el7", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "python-qpid-0:1.35.0-5.el7", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "qpid-cpp-0:1.36.0-19.el7", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "qpid-dispatch-0:0.8.0-16.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "qpid-proton-0:0.16.0-12.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "satellite-0:6.2.16.1-1.0.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "tfm-rubygem-foreman_theme_satellite-0:0.1.47.5-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "tfm-rubygem-katello-0:3.0.0.171-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0734", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "tfm-rubygem-qpid_messaging-0:1.36.0-6.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0733", "cpe": "cpe:/a:redhat:satellite:6.3::el7", "package": "katello-installer-base-0:3.4.5.35-1.el7sat", "product_name": "Red Hat Satellite 6.3 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0733", "cpe": "cpe:/a:redhat:satellite:6.3::el7", "package": "satellite-0:6.3.5.1-1.el7sat", "product_name": "Red Hat Satellite 6.3 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0733", "cpe": "cpe:/a:redhat:satellite_capsule:6.3::el7", "package": "katello-installer-base-0:3.4.5.35-1.el7sat", "product_name": "Red Hat Satellite 6.3 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0733", "cpe": "cpe:/a:redhat:satellite_capsule:6.3::el7", "package": "satellite-0:6.3.5.1-1.el7sat", "product_name": "Red Hat Satellite 6.3 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0735", "cpe": "cpe:/a:redhat:satellite:6.4::el7", "package": "katello-installer-base-0:3.7.0.19-1.el7sat", "product_name": "Red Hat Satellite 6.4 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}, {"advisory": "RHSA-2019:0735", "cpe": "cpe:/a:redhat:satellite_capsule:6.4::el7", "package": "katello-installer-base-0:3.7.0.19-1.el7sat", "product_name": "Red Hat Satellite 6.4 for RHEL 7", "release_date": "2019-04-09T00:00:00Z"}], "bugzilla": {"description": "katello-installer-base: QMF methods exposed to goferd via qdrouterd", "id": "1684275", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1684275"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.0", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-284", "details": ["A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands.", "A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands."], "mitigation": {"lang": "en:us", "value": "On Satellite Server follow the instructions below:\n* Modify /etc/qpid/qpidd.conf to add this line:\nacl-file=qpid_acls.acl\n* Create a new file: /var/lib/qpidd/.qpidd/qpid_acls.acl with content:\nacl allow katello_agent@QPID create queue\nacl allow katello_agent@QPID consume queue\nacl allow katello_agent@QPID access exchange\nacl allow katello_agent@QPID access queue\nacl allow katello_agent@QPID publish exchange routingkey=pulp.task\nacl allow katello_agent@QPID publish exchange name=qmf.default.direct\nacl allow katello_agent@QPID access method name=create\nacl deny-log katello_agent@QPID access method name=*\nacl deny-log katello_agent@QPID all all\n# allow anything else\nacl allow all all\n* As root, execute the command:\n# systemctl restart qpidd\n* In /etc/qpid-dispatch/qdrouterd.conf modify the connector:\nconnector {\nname: broker\nhost: localhost\nport: 5671\nsasl-mechanisms: PLAIN\nsasl-username: katello_agent\nsasl-password: katello_agent\nrole: route-container\nssl-profile: client\nidle-timeout-seconds: 0\n}\n* As root, execute the command:\n# systemctl restart qdrouterd\nThese ACLs will prevent clients to redirect or move messages to various queues which is the nature of the CVE.\nAll other behavior will be unchanged (acl allow all all) which is the current baseline."}, "name": "CVE-2019-3845", "public_date": "2019-04-09T13:27:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-3845\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3845"], "statement": "On Red Hat Satellite 6.5, the Satellite 6.5 GA release includes a version of katello-installer-base that provides the fixes for this issue.", "threat_severity": "Important"}