Vulnerability Description
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Satellite | < 6.2 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2019:1223Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3845Issue TrackingMitigationThird Party Advisory
- https://access.redhat.com/errata/RHSA-2019:1223Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3845Issue TrackingMitigationThird Party Advisory
FAQ
What is CVE-2019-3845?
CVE-2019-3845 is a vulnerability with a CVSS score of 8.0 (HIGH). A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule ...
How severe is CVE-2019-3845?
CVE-2019-3845 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-3845?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Satellite.