{"containers": {"cna": {"affected": [{"product": "Red Hat Satellite", "vendor": "n/a", "versions": [{"status": "affected", "version": "Red Hat Satellite 6.6.3 Red Hat Satellite 6.7"}]}], "descriptions": [{"lang": "en", "value": "A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-02T12:12:04.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873131"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:46:33.314Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873131"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-14371", "datePublished": "2021-06-02T12:12:04.000Z", "dateReserved": "2020-06-17T00:00:00.000Z", "dateUpdated": "2024-08-04T12:46:33.314Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de filtrado de credenciales en Red Hat Satellite. Este fallo expone las credenciales de los recursos de computaci\u00f3n mediante las VMs que se ejecutan en estos recursos en Satellite"}], "id": "CVE-2020-14371", "lastModified": "2024-11-21T05:03:06.877", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-02T13:15:08.967", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873131"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873131"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Evgeni Golov (Red Hat).", "bugzilla": {"description": "Satellite: Compute resource credential leak", "id": "1873131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873131"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-200", "details": ["A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.", "A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite."], "name": "CVE-2020-14371", "package_state": [{"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Will not fix", "impact": "moderate", "package_name": "foreman", "product_name": "Red Hat Satellite 6"}], "public_date": "2020-08-27T13:02:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-14371\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14371"], "statement": "Red Hat Satellite is vulnerable to the compute resource credential leak through VMs that are running on these resources in Satellite. Red Hat Product Security has rated this flaw as having a security impact of Moderate. Please refer to\u00a0https://access.redhat.com/security/updates/classification\u00a0for clarification on the scoring.", "threat_severity": "Moderate"}

{}