CVE-2020-14380

EUVD-2020-6520
An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
redhatsatellite
6.7.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1873926
https://bugzilla.redhat.com/show_bug.cgi?id=1873926