Redhat Vulnerabilities

An attacker can register fake or untrusted authentication devices in Keycloak, even if the system is set to require secure verification, by submitting a specific type of data that bypasses security checks. This vulnerability weakens the overall security of user authentication, but it requires the attacker to have access to the registration process.

An attacker with the right permissions can exploit a flaw in the Red Hat Satellite system to run their own code remotely by creating a specially crafted username for the Baseboard Management Controller. This requires the attacker to already have access to create or update hosts within the system.

An attacker with the `manage-users` permission can change user profile information that should be restricted, bypassing security settings meant to protect unmanaged attributes. This means that if someone has this admin role, they can make unauthorized modifications to user data, even when the system is supposed to prevent it.

An attacker can crash the Red Hat Developer Hub application by sending specially crafted input through API requests, causing a Denial of Service that temporarily locks out all legitimate users. This vulnerability requires the attacker to be an authenticated user, meaning they already have access to the system.

An attacker can exploit a flaw in the udisks storage management system to access and back up sensitive encryption information from LUKS-encrypted drives without proper authorization. This vulnerability requires the attacker to have access to the system as an unprivileged user, allowing them to potentially compromise the confidentiality of encrypted data.

An attacker with local access can exploit a flaw in the udisks storage management tool to overwrite encryption settings on protected drives, potentially making the data permanently inaccessible. This requires no special privileges, meaning any regular user on the system could cause significant data loss and disrupt access to encrypted volumes.