PT-2019-16756 · Red Hat · Candlepin, Red Hat Satellite

Published 2019-04-12 · Updated 2020-10-15 · CVE-2019-3891

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Red Hat Satellite version 6.4
Description: A security issue was found in the Candlepin component of Red Hat Satellite, where a world-readable log file leaked the credentials of the Candlepin database. Any user with local access to the Satellite host could read the file, obtain the credentials, and use them to read or modify the Candlepin database directly. Tampering with the database can stop Satellite from fetching package updates, which in turn prevents every host managed by that Satellite from receiving those updates.
Recommendations: For Red Hat Satellite version 6.4, apply the vendor fix (RHSA-2019:1222) and verify that the Candlepin log file is no longer world-readable (and is not recreated world-readable on rotation). Because any local user may already have read the file, treat the database credentials as compromised and rotate them rather than only restricting the file's permissions.
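The two checks the recommendation calls for (is the log world-readable, and does it carry credentials) can be scripted. The following POSIX shell functions are an added example, not code from the advisory, from Red Hat or from the Candlepin project: they list world-readable files under a directory, flag those containing a credential-looking line, and strip the "other" read bit. The directory, the file names and contents in setup_demo, and the password regex are all assumptions; the advisory names neither the log file nor its format, and stat -c is GNU coreutils syntax.

```shell
#!/bin/sh
# Added example (not the advisory's or Red Hat's/Candlepin's own code).
# Audits a log directory for world-readable files that contain
# credential-looking lines, then removes the "other" read bit.

# List regular files under $1 whose mode grants read to "other".
world_readable_files() {
    find "$1" -type f -perm -o=r 2>/dev/null | sort
}

# Among the world-readable files, print those that contain a line such as
# "password=..." or "passwd: ...". The regex is an assumption that covers
# common JDBC-URL and key=value styles, not Candlepin's actual log format.
leaked_credential_files() {
    for f in $(world_readable_files "$1"); do
        if grep -Eqi '(password|passwd|pwd)[[:space:]]*[=:]' "$f"; then
            echo "$f"
        fi
    done
}

# Remediate one file: drop the "other" read bit and print the new octal mode.
# Rotating the leaked credentials is a separate, tool-specific step.
harden_file() {
    chmod o-r "$1"
    stat -c '%a' "$1"
}

# Constructed demo directory (assumption: these are not real Candlepin logs).
#  db.log      world-readable, contains a password   -> must be flagged
#  app.log     world-readable, no credentials        -> not flagged
#  secure.log  contains a password but is mode 600   -> not flagged
setup_demo() {
    dir=$(mktemp -d)
    printf 'jdbc:postgresql://localhost/candlepin user=candlepin password=S3cret\n' > "$dir/db.log"
    chmod 644 "$dir/db.log"
    printf 'INFO started ok\n' > "$dir/app.log"
    chmod 644 "$dir/app.log"
    printf 'password=Hidden\n' > "$dir/secure.log"
    chmod 600 "$dir/secure.log"
    echo "$dir"
}

# Usage against a real system (directory path is an assumption):
#   leaked_credential_files "$LOG_DIR" | while read -r f; do harden_file "$f"; done
```

Running leaked_credential_files over the demo directory reports only db.log; after harden_file turns its mode from 644 to 640 the audit reports nothing, which is the state the recommendation asks for. Note that chmod fixes the file on disk but not the logger that wrote it: if the logging configuration still creates the file world-readable, the next rotation reintroduces the exposure, which is why the vendor fix is needed in addition to the permission change.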

Weakness Enumeration

Insertion of Sensitive Information into Log File

Related Identifiers

CVE-2019-3891
RHSA-2019:1222

Affected Products

Candlepin
Red Hat Satellite