CVE-2017-7470
It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.
Find out more about CVE-2017-7470 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue affects the versions of spacewalk-backend as shipped with Red Hat Satellite version 5. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
CVSS v3 metrics
| CVSS3 Base Score | 6.5 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | High |
| Availability Impact | None |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Satellite 5.6 (RHEL v.6) (spacewalk-backend) | RHSA-2017:1259 | 2017-05-18 |
| Red Hat Satellite 5.6 (RHEL v.5) (spacewalk-backend) | RHSA-2017:1259 | 2017-05-18 |
| Red Hat Satellite 5.7 (RHEL v.6) (spacewalk-backend) | RHSA-2017:1259 | 2017-05-18 |