Impact
The vulnerability arises in Foreman, where authenticated users who hold the view_keypairs permission can bypass taxonomy scoping. By requesting key pairs directly by identifier, such users can download private SSH keys that belong to other organizations, resulting in cross-tenant exposure of sensitive credentials. This weakness is classified as CWE-639 (Authorization Bypass Through User-Controlled Key). The consequence is the loss of confidentiality for SSH private keys across tenant boundaries, which can give an attacker remote access to hosts or a path to privilege escalation in affected systems.
Affected Systems
The affected product is Red Hat Satellite 6. No specific patch level or version range is listed; therefore any installation of Satellite 6 that has not applied the relevant vendor update remains vulnerable.
Risk and Exploitability
The CVSS score of 6.5 classifies this flaw as medium severity. Because exploitation requires an authenticated account with the view_keypairs permission, the attack surface is limited to accounts that hold that permission, whether legitimately, through misconfiguration, or after compromise. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, indicating no known widespread exploitation at present. Nevertheless, once an account holds that permission, it can retrieve any private key by supplying the corresponding key pair ID, so confidentiality is lost immediately.
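As an added example that is not Foreman's or Red Hat's own code, the following minimal Ruby model shows the authorization pattern behind CWE-639: the vulnerable lookup fetches a key pair by id after only a permission check, while the hardened lookup restricts the query to the caller's organizations before matching the id. All struct names, functions and sample data are constructed for illustration.

```ruby
# Hypothetical in-memory model of key pairs and users (not Foreman's schema).
KeyPair = Struct.new(:id, :organization_id, :private_key, keyword_init: true)
User = Struct.new(:name, :permissions, :organization_ids, keyword_init: true)

# Constructed sample data: two tenants, one key pair each.
KEY_PAIRS = [
  KeyPair.new(id: 1, organization_id: 10, private_key: "PRIVATE-KEY-ORG-10"),
  KeyPair.new(id: 2, organization_id: 20, private_key: "PRIVATE-KEY-ORG-20"),
].freeze

class NotAuthorized < StandardError; end

def require_permission!(user, perm)
  raise NotAuthorized, "missing #{perm}" unless user.permissions.include?(perm)
end

# Vulnerable pattern (CWE-639): the permission is checked, but the record is
# fetched by id alone, so every key pair in the system is reachable.
def download_key_unscoped(user, id)
  require_permission!(user, :view_keypairs)
  pair = KEY_PAIRS.find { |k| k.id == id }
  raise NotAuthorized, "not found" unless pair
  pair.private_key
end

# Hardened pattern: narrow the candidate set to the caller's organizations
# first, then match the id. A foreign id yields the same "not found" as a
# non-existent one, so the response does not confirm that the key exists.
def download_key_scoped(user, id)
  require_permission!(user, :view_keypairs)
  visible = KEY_PAIRS.select { |k| user.organization_ids.include?(k.organization_id) }
  pair = visible.find { |k| k.id == id }
  raise NotAuthorized, "not found" unless pair
  pair.private_key
end

# Defender's regression check: a user scoped to one organization must never
# obtain another organization's key through the scoped path. Returns true
# when isolation holds.
def tenant_isolation_holds?(user)
  foreign = KEY_PAIRS.reject { |k| user.organization_ids.include?(k.organization_id) }
  foreign.all? do |k|
    download_key_scoped(user, k.id)
    false
  rescue NotAuthorized
    true
  end
end
```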
OpenCVE Enrichment