CVE-2026-5142
MEDIUM
6.5
CVSS 3.1
Description
A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant deployments, potentially compromising sensitive information.
Metadata
Severity & Metrics
6.5
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
SSVC — CISA Coordinator
Affected products (6)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Red Hat | Red Hat Satellite 6 | — | — |
| Red Hat | Red Hat Satellite 6.16 for RHEL 8 | — | 0:3.12.0.17-1.el8sat < * |
| Red Hat | Red Hat Satellite 6.16 for RHEL 9 | — | 0:3.12.0.17-1.el9sat < * |
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | — | 0:3.14.0.17-1.el9sat < * |
| Red Hat | Red Hat Satellite 6.18 for RHEL 9 | — | 0:3.16.0.17-1.el9sat < * |
| Red Hat | Red Hat Satellite 6.19 for RHEL 9 | — | 0:3.18.0.7-1.el9sat < * |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-639 | cna | Authorization Bypass Through User-Controlled Key |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.5 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (6)
- RHSA-2026:34365 https://access.redhat.com/errata/RHSA-2026:34365
- RHSA-2026:34366 https://access.redhat.com/errata/RHSA-2026:34366
- RHSA-2026:34367 https://access.redhat.com/errata/RHSA-2026:34367
- RHSA-2026:34368 https://access.redhat.com/errata/RHSA-2026:34368
- https://access.redhat.com/security/cve/CVE-2026-5142
- RHBZ#2452999 https://bugzilla.redhat.com/show_bug.cgi?id=2452999