Show plain JSON{"acknowledgement": "Red Hat would like to thank Katherine M. Hosch (Louisiana Technical Consulting) for reporting this issue.", "affected_release": [{"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "ansiblerole-satellite-receptor-installer-0:0.6.6.1-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "foreman-0:1.24.1.25-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "foreman-installer-1:1.24.1.22-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "pulp-0:2.21.0.2-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "python-receptor-satellite-0:1.0.1-2.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "satellite-0:6.7.3-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "tfm-rubygem-foreman_ansible-0:4.0.3.7-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "tfm-rubygem-foreman_remote_execution-0:2.0.10.2-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "tfm-rubygem-foreman-tasks-0:0.17.5.7-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "tfm-rubygem-katello-0:3.14.0.27-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "ansiblerole-satellite-receptor-installer-0:0.6.6.1-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "foreman-0:1.24.1.25-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "foreman-installer-1:1.24.1.22-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "pulp-0:2.21.0.2-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "python-receptor-satellite-0:1.0.1-2.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "satellite-0:6.7.3-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "tfm-rubygem-foreman_ansible-0:4.0.3.7-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "tfm-rubygem-foreman_remote_execution-0:2.0.10.2-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "tfm-rubygem-foreman-tasks-0:0.17.5.7-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "tfm-rubygem-katello-0:3.14.0.27-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}], "bugzilla": {"description": "foreman-installer: Candlepin plaintext password disclosure while Satellite update", "id": "1816747", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816747"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-522", "details": ["A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password.", "A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password."], "name": "CVE-2020-10710", "public_date": "2021-12-10T05:27:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-10710\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10710"], "threat_severity": "Moderate"}