CVE-2020-14380

  • Last update: Apr 13, 2023

Description

An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite.

Software From Fixed in
redhat / satellite 6.7.2 6.7.2.x

Details

    • Severity: High
  • CVE: CVE-2020-14380
  • Published: Jun 2, 2021
  • Updated: Apr 13, 2023
  • Exploit:

CVSS v3

  • Severity: High
  • Score: 7.5
  • AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

  • Severity: Medium
  • Score: 6
  • AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs

OWASP TOP 10