{
  "threat_severity" : "Moderate",
  "public_date" : "2020-09-07T14:43:00Z",
  "bugzilla" : {
    "description" : "foreman: world-readable OMAPI secret through the ISC DHCP server",
    "id" : "1858302",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1858302"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-200",
  "details" : [ "A flaw was found in Red Hat Satellite that allows a privileged attacker to read OMAPI secrets through the ISC DHCP server of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability.", "A flaw was found in Red Hat Satellite that allows a privileged attacker to read OMAPI secrets through the ISC DHCP server of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability." ],
  "acknowledgement" : "Red Hat would like to thank Foreman for reporting this issue. Upstream acknowledges Peter Bray (illumino Pty Ltd, Australia) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Satellite 6.9 for RHEL 7",
    "release_date" : "2021-04-21T00:00:00Z",
    "advisory" : "RHSA-2021:1313",
    "cpe" : "cpe:/a:redhat:satellite:6.9::el7",
    "package" : "foreman-0:2.3.1.20-1.el7sat"
  }, {
    "product_name" : "Red Hat Satellite 6.9 for RHEL 7",
    "release_date" : "2021-04-21T00:00:00Z",
    "advisory" : "RHSA-2021:1313",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.9::el7",
    "package" : "foreman-0:2.3.1.20-1.el7sat"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-14335\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14335" ],
  "name" : "CVE-2020-14335",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}