Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-7470

Опубликовано: 18 мая 2017
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.

Отчет

This issue affects the versions of spacewalk-backend as shipped with Red Hat Satellite version 5. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-863
https://bugzilla.redhat.com/show_bug.cgi?id=1439622spacewalk-backend: spacewalk-channel can be used by non-admin or disabled users for performing administrative tasks

EPSS

Процентиль: 73%
0.00766
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2017-7470

CVSS3: 6.5
nvd
больше 7 лет назад

It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.

suse-cvrf логотип

SUSE-SU-2017:1347-1

suse-cvrf
больше 8 лет назад

Security update for SUSE Manager Client Tools

github логотип

GHSA-8hhp-cr56-3gg7

CVSS3: 9.8
github
больше 3 лет назад

It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.

EPSS

Процентиль: 73%
0.00766
Низкий

6.5 Medium

CVSS3