CVE-2019-3845 - A lack of access control was found in the message queues maintained by Satellite's QPID broker and u

CVE-2019-3845

Summary

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands.

References

Vulnerable Configurations

cpe:2.3:a:redhat:satellite:5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.1:*:*:*:*:*:*:*

CVSS

Base:	5.2 (as of 15-10-2020 - 14:43)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:A/AC:L/Au:S/C:P/I:P/A:P

redhat via4

advisories

rhsa

id	RHSA-2019:1223

rpms

foreman-installer-katello-0:3.4.5.35-1.el7sat
katello-installer-base-0:3.4.5.35-1.el7sat
satellite-0:6.3.5.1-1.el7sat
satellite-capsule-0:6.3.5.1-1.el7sat
satellite-cli-0:6.3.5.1-1.el7sat
satellite-common-0:6.3.5.1-1.el7sat
satellite-debug-tools-0:6.3.5.1-1.el7sat
foreman-installer-katello-0:3.0.0.105-1.el6sat
foreman-installer-katello-0:3.0.0.105-1.el7sat
katello-installer-base-0:3.0.0.105-1.el6sat
katello-installer-base-0:3.0.0.105-1.el7sat
libwebsockets-0:2.1.0-3.el6
libwebsockets-0:2.1.0-3.el7
libwebsockets-debuginfo-0:2.1.0-3.el6
libwebsockets-debuginfo-0:2.1.0-3.el7
python-qpid-0:1.35.0-5.el6
python-qpid-0:1.35.0-5.el7
python-qpid-proton-0:0.16.0-12.el6sat
python-qpid-proton-0:0.16.0-12.el7sat
python-qpid-qmf-0:1.36.0-19.el6
python-qpid-qmf-0:1.36.0-19.el7
qpid-cpp-client-0:1.36.0-19.el6
qpid-cpp-client-0:1.36.0-19.el7
qpid-cpp-client-devel-0:1.36.0-19.el6
qpid-cpp-client-devel-0:1.36.0-19.el7
qpid-cpp-debuginfo-0:1.36.0-19.el6
qpid-cpp-debuginfo-0:1.36.0-19.el7
qpid-cpp-server-0:1.36.0-19.el6
qpid-cpp-server-0:1.36.0-19.el7
qpid-cpp-server-linearstore-0:1.36.0-19.el6
qpid-cpp-server-linearstore-0:1.36.0-19.el7
qpid-dispatch-debuginfo-0:0.8.0-10.el6
qpid-dispatch-debuginfo-0:0.8.0-16.el7sat
qpid-dispatch-router-0:0.8.0-10.el6
qpid-dispatch-router-0:0.8.0-16.el7sat
qpid-dispatch-tools-0:0.8.0-10.el6
qpid-dispatch-tools-0:0.8.0-16.el7sat
qpid-proton-c-0:0.16.0-12.el6sat
qpid-proton-c-0:0.16.0-12.el7sat
qpid-proton-debuginfo-0:0.16.0-12.el6sat
qpid-proton-debuginfo-0:0.16.0-12.el7sat
qpid-qmf-0:1.36.0-19.el6
qpid-qmf-0:1.36.0-19.el7
qpid-tools-0:1.36.0-19.el6
qpid-tools-0:1.36.0-19.el7
satellite-0:6.2.16.1-1.0.el6sat
satellite-0:6.2.16.1-1.0.el7sat
satellite-capsule-0:6.2.16.1-1.0.el6sat
satellite-capsule-0:6.2.16.1-1.0.el7sat
satellite-cli-0:6.2.16.1-1.0.el6sat
satellite-cli-0:6.2.16.1-1.0.el7sat
satellite-debug-tools-0:6.2.16.1-1.0.el6sat
satellite-debug-tools-0:6.2.16.1-1.0.el7sat
tfm-rubygem-foreman_theme_satellite-0:0.1.47.5-1.el6sat
tfm-rubygem-foreman_theme_satellite-0:0.1.47.5-1.el7sat
tfm-rubygem-katello-0:3.0.0.171-1.el6sat
tfm-rubygem-katello-0:3.0.0.171-1.el7sat
tfm-rubygem-katello_ostree-0:3.0.0.171-1.el7sat
tfm-rubygem-qpid_messaging-0:1.36.0-6.el6sat
tfm-rubygem-qpid_messaging-0:1.36.0-6.el7sat
tfm-rubygem-qpid_messaging-debuginfo-0:1.36.0-6.el6sat
tfm-rubygem-qpid_messaging-debuginfo-0:1.36.0-6.el7sat
foreman-installer-katello-0:3.7.0.19-1.el7sat
katello-installer-base-0:3.7.0.19-1.el7sat
satellite-0:6.4.2.1-1.el7sat
satellite-capsule-0:6.4.2.1-1.el7sat
satellite-cli-0:6.4.2.1-1.el7sat
satellite-common-0:6.4.2.1-1.el7sat
satellite-debug-tools-0:6.4.2.1-1.el7sat
foreman-cli-0:1.20.1.34-1.el7sat
gofer-0:2.11.9-1.el5
gofer-0:2.11.9-1.el6sat
gofer-0:2.12.5-3.el7sat
gofer-0:2.12.5-3.el8sat
katello-agent-0:3.5.0-2.el5
katello-agent-0:3.5.0-2.el6sat
katello-agent-0:3.5.0-2.el7sat
katello-agent-0:3.5.0-2.el8sat
katello-host-tools-0:3.5.0-2.el5
katello-host-tools-0:3.5.0-2.el6sat
katello-host-tools-0:3.5.0-2.el7sat
katello-host-tools-0:3.5.0-2.el8sat
katello-host-tools-fact-plugin-0:3.5.0-2.el5
katello-host-tools-fact-plugin-0:3.5.0-2.el6sat
katello-host-tools-fact-plugin-0:3.5.0-2.el7sat
katello-host-tools-tracer-0:3.5.0-2.el7sat
katello-host-tools-tracer-0:3.5.0-2.el8sat
openscap-0:1.2.4-2.el6
openscap-debuginfo-0:1.2.4-2.el6
openscap-scanner-0:1.2.4-2.el6
pulp-puppet-tools-0:2.18.1-2.el7sat
pulp-rpm-handlers-0:2.18.1.5-1.el5
pulp-rpm-handlers-0:2.18.1.5-1.el6sat
puppet-agent-0:5.5.12-1.el5
puppet-agent-0:5.5.12-1.el6sat
puppet-agent-0:5.5.12-1.el7sat
puppet-agent-0:5.5.12-1.el8sat
python-argcomplete-0:1.7.0-2.el7sat
python-gofer-0:2.11.9-1.el5
python-gofer-0:2.11.9-1.el6sat
python-gofer-0:2.12.5-3.el7sat
python-gofer-proton-0:2.11.9-1.el5
python-gofer-proton-0:2.11.9-1.el6sat
python-gofer-proton-0:2.12.5-3.el7sat
python-hashlib-0:20081119-7.el5sat
python-hashlib-debuginfo-0:20081119-7.el5sat
python-isodate-0:0.5.0-4.el6sat
python-isodate-0:0.5.0-4.pulp.el5
python-isodate-0:0.5.0-5.pulp.el7sat
python-psutil-0:5.0.1-3.el7sat
python-psutil-debuginfo-0:5.0.1-3.el7sat
python-psutil-debugsource-0:5.0.1-3.el8sat
python-pulp-agent-lib-0:2.18.1.1-1.el5
python-pulp-agent-lib-0:2.18.1.1-1.el6sat
python-pulp-common-0:2.18.1.1-1.el5
python-pulp-common-0:2.18.1.1-1.el6sat
python-pulp-common-0:2.18.1.1-1.el7sat
python-pulp-manifest-0:2.18.1.5-1.el7sat
python-pulp-puppet-common-0:2.18.1-2.el7sat
python-pulp-rpm-common-0:2.18.1.5-1.el5
python-pulp-rpm-common-0:2.18.1.5-1.el6sat
python-qpid-proton-0:0.16.0-12.el6sat
python-qpid-proton-0:0.26.0-3.el7
python-qpid-proton-0:0.9-16.el5
python-uuid-0:1.30-4.el5
python2-beautifulsoup4-0:4.6.3-2.el7sat
python2-future-0:0.16.0-11.el7sat
python2-tracer-0:0.7.1-2.el7sat
python3-beautifulsoup4-0:4.6.3-2.el8sat
python3-future-0:0.16.0-11.el8sat
python3-gofer-0:2.12.5-3.el8sat
python3-gofer-proton-0:2.12.5-3.el8sat
python3-psutil-0:5.0.1-3.el8sat
python3-psutil-debuginfo-0:5.0.1-3.el8sat
python3-qpid-proton-0:0.26.0-3.el8
python3-qpid-proton-debuginfo-0:0.26.0-3.el8
python3-tracer-0:0.7.1-2.el8sat
qpid-proton-c-0:0.16.0-12.el6sat
qpid-proton-c-0:0.26.0-3.el7
qpid-proton-c-0:0.26.0-3.el8
qpid-proton-c-0:0.9-16.el5
qpid-proton-c-debuginfo-0:0.26.0-3.el8
qpid-proton-cpp-debuginfo-0:0.26.0-3.el8
qpid-proton-debuginfo-0:0.16.0-12.el6sat
qpid-proton-debuginfo-0:0.26.0-3.el7
qpid-proton-debuginfo-0:0.26.0-3.el8
qpid-proton-debuginfo-0:0.9-16.el5
qpid-proton-debugsource-0:0.26.0-3.el8
rubygem-foreman_scap_client-0:0.4.5-1.el6sat
rubygem-foreman_scap_client-0:0.4.5-1.el7sat
rubygem-foreman_scap_client-0:0.4.5-1.el8sat
rubygem-json-0:1.4.6-2.el6
rubygem-json-debuginfo-0:1.4.6-2.el6
rubygems-0:1.3.7-5.el6
satellite-cli-0:6.5.0-11.el7sat
tfm-ror52-rubygem-mime-types-0:3.2.2-1.el7sat
tfm-ror52-rubygem-mime-types-data-0:3.2018.0812-1.el7sat
tfm-ror52-rubygem-multi_json-0:1.13.1-1.el7sat
tfm-ror52-runtime-0:1.0-4.el7sat
tfm-rubygem-apipie-bindings-0:0.2.2-2.el7sat
tfm-rubygem-awesome_print-0:1.8.0-3.el7sat
tfm-rubygem-clamp-0:1.1.2-4.el7sat
tfm-rubygem-domain_name-0:0.5.20160310-4.el7sat
tfm-rubygem-fast_gettext-0:1.4.1-3.el7sat
tfm-rubygem-hammer_cli-0:0.15.1.2-1.el7sat
tfm-rubygem-hammer_cli_csv-0:2.3.1-3.el7sat
tfm-rubygem-hammer_cli_foreman-0:0.15.1.1-1.el7sat
tfm-rubygem-hammer_cli_foreman_admin-0:0.0.8-3.el7sat
tfm-rubygem-hammer_cli_foreman_ansible-0:0.1.1-3.el7sat
tfm-rubygem-hammer_cli_foreman_bootdisk-0:0.1.3.3-5.el7sat
tfm-rubygem-hammer_cli_foreman_discovery-0:1.0.0-3.el7sat
tfm-rubygem-hammer_cli_foreman_docker-0:0.0.6.1-1.el7sat
tfm-rubygem-hammer_cli_foreman_openscap-0:0.1.6-2.el7sat
tfm-rubygem-hammer_cli_foreman_remote_execution-0:0.1.0-2.el7sat
tfm-rubygem-hammer_cli_foreman_tasks-0:0.0.13-1.el7sat
tfm-rubygem-hammer_cli_foreman_templates-0:0.1.2-1.el7sat
tfm-rubygem-hammer_cli_foreman_virt_who_configure-0:0.0.3-3.el7sat
tfm-rubygem-hammer_cli_katello-0:0.16.0.11-1.el7sat
tfm-rubygem-hashie-0:3.6.0-1.el7sat
tfm-rubygem-highline-0:1.7.8-4.el7sat
tfm-rubygem-http-cookie-0:1.0.2-5.el7sat
tfm-rubygem-little-plugger-0:1.1.3-23.el7sat
tfm-rubygem-locale-0:2.0.9-13.el7sat
tfm-rubygem-logging-0:2.2.2-5.el7sat
tfm-rubygem-netrc-0:0.11.0-3.el7sat
tfm-rubygem-oauth-0:0.5.4-3.el7sat
tfm-rubygem-powerbar-0:2.0.1-1.el7sat
tfm-rubygem-rest-client-0:2.0.1-3.el7sat
tfm-rubygem-unf-0:0.1.3-7.el7sat
tfm-rubygem-unf_ext-0:0.0.6-9.el7sat
tfm-rubygem-unf_ext-debuginfo-0:0.0.6-9.el7sat
tfm-rubygem-unicode-0:0.4.4.1-6.el7sat
tfm-rubygem-unicode-debuginfo-0:0.4.4.1-6.el7sat
tfm-rubygem-unicode-display_width-0:1.0.5-5.el7sat
tfm-runtime-0:5.0-3.el7sat
tracer-common-0:0.7.1-2.el7sat
tracer-common-0:0.7.1-2.el8sat

refmap via4

confirm

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3845

Last major update

15-10-2020 - 14:43

Published

11-04-2019 - 15:29

Last modified

15-10-2020 - 14:43