CVE-2019-3845
Description
A lack of access control was found in the message queues maintained by Satellites QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands.
Risk Information
Base Score
8.0
MODERATE
Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.175
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2019:1223) Red Hat Satellite Tools security update foreman-cli-1.20.1.34-1.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update gofer-2.11.9-1.el5.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update gofer-2.11.9-1.el6sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update gofer-2.12.5-3.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update katello-agent-3.5.0-2.el5.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update katello-agent-3.5.0-2.el6sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update katello-agent-3.5.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update katello-host-tools-3.5.0-2.el5.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update katello-host-tools-3.5.0-2.el6sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update katello-host-tools-3.5.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update katello-host-tools-fact-plugin-3.5.0-2.el5.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update katello-host-tools-fact-plugin-3.5.0-2.el6sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update katello-host-tools-fact-plugin-3.5.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update katello-host-tools-tracer-3.5.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update pulp-puppet-tools-2.18.1-2.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update pulp-rpm-handlers-2.18.1.5-1.el5.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update pulp-rpm-handlers-2.18.1.5-1.el6sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update puppet-agent-5.5.12-1.el5.i386.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update puppet-agent-5.5.12-1.el5.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update puppet-agent-5.5.12-1.el6sat.i686.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update puppet-agent-5.5.12-1.el6sat.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update puppet-agent-5.5.12-1.el7sat.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-argcomplete-1.7.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-gofer-2.11.9-1.el5.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-gofer-2.11.9-1.el6sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-gofer-2.12.5-3.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-gofer-proton-2.11.9-1.el5.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-gofer-proton-2.11.9-1.el6sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-gofer-proton-2.12.5-3.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-hashlib-20081119-7.el5sat.i386.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-hashlib-20081119-7.el5sat.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-isodate-0.5.0-4.el6sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-isodate-0.5.0-4.pulp.el5.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-isodate-0.5.0-5.pulp.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-psutil-5.0.1-3.el7sat.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-pulp-agent-lib-2.18.1.1-1.el5.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-pulp-agent-lib-2.18.1.1-1.el6sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-pulp-common-2.18.1.1-1.el5.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-pulp-common-2.18.1.1-1.el6sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-pulp-common-2.18.1.1-1.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-pulp-manifest-2.18.1.5-1.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-pulp-puppet-common-2.18.1-2.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-pulp-rpm-common-2.18.1.5-1.el5.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-pulp-rpm-common-2.18.1.5-1.el6sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-qpid-proton-0.16.0-12.el6sat.i686.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-qpid-proton-0.16.0-12.el6sat.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-qpid-proton-0.26.0-3.el7.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-qpid-proton-0.9-16.el5.i386.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-qpid-proton-0.9-16.el5.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-uuid-1.30-4.el5.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python2-beautifulsoup4-4.6.3-2.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python2-future-0.16.0-11.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python2-tracer-0.7.1-2.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update qpid-proton-c-0.16.0-12.el6sat.i686.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update qpid-proton-c-0.16.0-12.el6sat.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update qpid-proton-c-0.26.0-3.el7.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update qpid-proton-c-0.9-16.el5.i386.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update qpid-proton-c-0.9-16.el5.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update rubygem-foreman_scap_client-0.4.5-1.el6sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update rubygem-foreman_scap_client-0.4.5-1.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update rubygem-json-1.4.6-2.el6.i686.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update satellite-cli-6.5.0-11.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-ror52-rubygem-mime-types-3.2.2-1.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-ror52-rubygem-mime-types-data-3.2018.0812-1.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-ror52-rubygem-multi_json-1.13.1-1.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-ror52-runtime-1.0-4.el7sat.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-apipie-bindings-0.2.2-2.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-awesome_print-1.8.0-3.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-clamp-1.1.2-4.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-hammer_cli-0.15.1.2-1.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-hammer_cli_csv-2.3.1-3.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-hammer_cli_foreman-0.15.1.1-1.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-hammer_cli_foreman_admin-0.0.8-3.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-hammer_cli_foreman_ansible-0.1.1-3.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-hammer_cli_foreman_bootdisk-0.1.3.3-5.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-hammer_cli_foreman_discovery-1.0.0-3.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-hammer_cli_foreman_docker-0.0.6.1-1.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-hammer_cli_foreman_openscap-0.1.6-2.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.0-2.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-hammer_cli_foreman_tasks-0.0.13-1.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-hammer_cli_foreman_templates-0.1.2-1.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.3-3.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-hammer_cli_katello-0.16.0.11-1.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-little-plugger-1.1.3-23.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-logging-2.2.2-5.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-powerbar-2.0.1-1.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-rest-client-2.0.1-3.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-unf_ext-0.0.6-9.el7sat.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-unicode-0.4.4.1-6.el7sat.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tfm-runtime-5.0-3.el7sat.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tracer-common-0.7.1-2.el7sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update gofer-2.12.5-3.el8sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update katello-agent-3.5.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update katello-host-tools-3.5.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update katello-host-tools-tracer-3.5.0-2.el8sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update puppet-agent-5.5.12-1.el8sat.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python-psutil-debugsource-5.0.1-3.el8sat.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python3-beautifulsoup4-4.6.3-2.el8sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python3-future-0.16.0-11.el8sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python3-gofer-2.12.5-3.el8sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python3-gofer-proton-2.12.5-3.el8sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python3-psutil-5.0.1-3.el8sat.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python3-qpid-proton-0.26.0-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update python3-tracer-0.7.1-2.el8sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update qpid-proton-c-0.26.0-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update qpid-proton-debugsource-0.26.0-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update rubygem-foreman_scap_client-0.4.5-1.el8sat.noarch.rpm | Linux |
| (RHSA-2019:1223) Red Hat Satellite Tools security update tracer-common-0.7.1-2.el8sat.noarch.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234