VYPR
Unrated severityNVD Advisory· Published Apr 11, 2019· Updated Aug 4, 2024

CVE-2019-3845

CVE-2019-3845

Description

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: <6.2
  • Red Hat/qpid-dispatch-routerv5
    Range: fixed in Satellite >= 6.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.