{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-10710", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-04T11:06:11.148Z", "dateReserved": "2020-03-20T00:00:00", "datePublished": "2022-08-16T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-10-07T00:00:00"}, "descriptions": [{"lang": "en", "value": "A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password."}], "affected": [{"vendor": "n/a", "product": "foreman-installer", "versions": [{"version": "foreman-installer 1.24.1.22", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816747"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-522", "cweId": "CWE-522"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:06:11.148Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816747", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*", "matchCriteriaId": "27415E28-D6BB-43FE-BD3F-842302CEE6D6", "versionEndExcluding": "1.24.1.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password."}, {"lang": "es", "value": "Se ha detectado un fallo en el que es divulgada la contrase\u00f1a Plaintext Candlepin al actualizar Red Hat Satellite mediante del instalador de sat\u00e9lites. Este fallo permite a un atacante con privilegios suficientemente altos, como root, recuperar la contrase\u00f1a de texto plano de Candlepin."}], "id": "CVE-2020-10710", "lastModified": "2022-12-08T03:22:18.240", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-16T21:15:09.300", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816747"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Katherine M. Hosch (Louisiana Technical Consulting) for reporting this issue.", "affected_release": [{"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "ansiblerole-satellite-receptor-installer-0:0.6.6.1-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "foreman-0:1.24.1.25-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "foreman-installer-1:1.24.1.22-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "pulp-0:2.21.0.2-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "python-receptor-satellite-0:1.0.1-2.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "satellite-0:6.7.3-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "tfm-rubygem-foreman_ansible-0:4.0.3.7-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "tfm-rubygem-foreman_remote_execution-0:2.0.10.2-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "tfm-rubygem-foreman-tasks-0:0.17.5.7-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite:6.7::el7", "package": "tfm-rubygem-katello-0:3.14.0.27-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "ansiblerole-satellite-receptor-installer-0:0.6.6.1-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "foreman-0:1.24.1.25-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "foreman-installer-1:1.24.1.22-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "pulp-0:2.21.0.2-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "python-receptor-satellite-0:1.0.1-2.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "satellite-0:6.7.3-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "tfm-rubygem-foreman_ansible-0:4.0.3.7-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "tfm-rubygem-foreman_remote_execution-0:2.0.10.2-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "tfm-rubygem-foreman-tasks-0:0.17.5.7-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}, {"advisory": "RHBA-2020:3614", "cpe": "cpe:/a:redhat:satellite_capsule:6.7::el7", "package": "tfm-rubygem-katello-0:3.14.0.27-1.el7sat", "product_name": "Red Hat Satellite 6.7 for RHEL 7", "release_date": "2020-09-02T00:00:00Z"}], "bugzilla": {"description": "foreman-installer: Candlepin plaintext password disclosure while Satellite update", "id": "1816747", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816747"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-522", "details": ["A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password.", "A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password."], "name": "CVE-2020-10710", "public_date": "2021-12-10T05:27:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-10710\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10710"], "threat_severity": "Moderate", "upstream_fix": "foreman-installer 1.24.1.22"}