CVE Published: 11/04/2019 |
CVE Updated: 04/08/2024 |
CVE Year: 2019 Source: redhat |
Vendor: Red Hat |
Product: qpid-dispatch-router Status : PUBLISHED
CVE-2019-3845 Description
A lack of access control was found in the message queues maintained by Satellite\'s QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands.