CVE-2020-14380

7.5 HIGH

📋 TL;DR

This vulnerability lets an attacker who holds only a valid external identity (SSO or OpenID) impersonate an existing local Red Hat Satellite user and inherit that user's privileges. It affects Red Hat Satellite 6.7.2 and later releases that predate the fix; 6.7.3 and later contain the fix. Organizations that have enabled external authentication on Satellite are at risk; deployments that use only local authentication are not.

💻 Affected Systems

Products:
  • Red Hat Satellite
Versions: 6.7.2 and later, prior to the fixed release (6.7.3 and later)
Operating Systems: RHEL-based systems running Satellite
Default Config Vulnerable: No
Notes: Only vulnerable when external authentication (SSO or OpenID) is configured. Default local authentication is not affected.

📦 What is this software?

Red Hat Satellite is Red Hat's systems-management platform for RHEL estates: provisioning, patching, content and subscription management for every registered host. It is built on the upstream Foreman project and authenticates users either against its own local ("Internal") user database or, when configured, against external sources such as LDAP, Red Hat IdM/Kerberos, or an SSO/OpenID Connect provider. Because a Satellite administrator can push content and configuration to all managed hosts, Satellite accounts are a high-value target.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Satellite infrastructure: an attacker who lands in an administrative account can manage every registered host, push malicious content or configuration to all of them, and read the credentials and data Satellite holds.

🟠 Likely Case

Privilege escalation to an administrative account, enabling unauthorized configuration changes, host management and data access.

🟢 If Mitigated

Once the fixed build is installed, or external authentication is disabled until it is, the impersonation path is closed. Where only partial mitigations are in place (no external identity shares a login with a local admin, access restricted at the identity provider and monitored), an attacker is limited to whichever low-privilege local accounts they can still match.

🌐 Internet-Facing: HIGH if the Satellite web UI/API is reachable from the internet with external authentication enabled: anyone holding a valid account at the identity provider can attempt the impersonation from anywhere.
🏢 Internal Only: MEDIUM if Satellite is reachable only internally; the attacker still needs network access to the Satellite login endpoint plus a valid external identity.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No (a valid external identity is required)
Complexity: LOW

Requires a valid account at the configured external identity provider (SSO/OpenID) and nothing more than an ordinary login attempt; no exploit code or special skill is needed once that account exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Satellite 6.7.3 and later

Vendor Advisory: https://access.redhat.com/security/cve/cve-2020-14380

Restart Required: Yes

Instructions:

1. Run the pre-upgrade checks: satellite-maintain upgrade check --target-version 6.7.z
2. Apply the update: satellite-maintain upgrade run --target-version 6.7.z (this restarts the Satellite services as part of the run; if you applied the packages another way, run satellite-maintain service restart)
3. Verify the update: rpm -q satellite must report 6.7.3 or later, and a legitimate external-authentication login should still succeed.

🔧 Temporary Workarounds

Disable External Authentication

Until the fixed build is installed, turn off the external login path and fall back to local (Internal) authentication. The installer flags below are the ones Satellite 6.7 documents for its Keycloak (OpenID Connect) and IdM/Kerberos integrations; list the flags your build actually accepts before running them:

satellite-installer --help | grep -i -e keycloak -e ipa-authentication

satellite-installer --foreman-keycloak false
satellite-installer --foreman-ipa-authentication false

If your SSO integration relies on the web server passing REMOTE_USER to Satellite, also switch off login delegation (Administer > Settings > Authentication, "Authorize login delegation"; equivalently hammer settings set --name authorize_login_delegation --value false). Remember to re-enable external authentication after patching.

Restrict External Authentication Sources

Limit which identities at the provider may log in to Satellite and remove login-name overlaps: at the identity provider, restrict the Satellite client/application to the smallest group of users that needs it; in Satellite, review Administer > Users and Administer > Authentication Sources and make sure no local (Internal) account, above all an admin account, shares its login with an identity the provider can assert. Firewall rules toward the authentication servers do not help here: the attacker authenticates legitimately at the provider and only needs to reach Satellite's own login endpoint.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Satellite from untrusted networks
  • Enable detailed authentication logging and monitor for suspicious account takeover attempts

🔍 How to Verify

Check if Vulnerable:

Confirm the installed release with rpm -q satellite (the version is also shown in the web UI under Administer > About), then check whether an external authentication source is in use: Administer > Authentication Sources, and the Authentication tab under Administer > Settings. A release of 6.7.2 or later that predates 6.7.3, with an external source configured, is vulnerable.

Check Version:

rpm -q satellite

Verify Fix Applied:

Confirm that rpm -q satellite reports 6.7.3 or later and that legitimate external logins still work. To confirm the fix behaviourally, create a throwaway local (Internal) account and an external identity with the same login, and verify that the external login no longer yields that local account's session; never test this against a production admin account.
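The two checks above (release in the affected range, and local accounts an external identity could impersonate) as a script. This is an added example, not Red Hat's or Foreman's own tooling. It assumes that rpm -q satellite prints the usual NAME-VERSION-RELEASE.ARCH string, that hammer --output json user list returns objects keyed by the column names hammer prints ("Login", "Admin", "Authorized by") with the internal auth source named "Internal", and that the login names the identity provider can assert have been exported separately; the user list and IdP logins embedded below are constructed samples.

```python
"""Exposure checks for CVE-2020-14380 on a Red Hat Satellite server.

Added example; not Red Hat's or Foreman's own tooling. Assumptions:
  * `rpm -q satellite` prints NAME-VERSION-RELEASE.ARCH, e.g.
    'satellite-6.7.2-1.el7sat.noarch';
  * `hammer --output json user list` returns objects keyed by the column
    names hammer prints ("Login", "Admin", "Authorized by"), and the
    internal auth source is named "Internal";
  * the set of login names the identity provider can assert is exported
    separately. The user list and IdP logins below are constructed samples.
"""
import json
import re
import subprocess
from typing import Iterable, List, Tuple

FIRST_AFFECTED = (6, 7, 2)   # first affected release per the advisory
FIXED_VERSION = (6, 7, 3)    # first release carrying the fix


def parse_satellite_version(rpm_output: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from the `rpm -q satellite` string."""
    m = re.match(r"^satellite-(\d+)\.(\d+)\.(\d+)-", rpm_output.strip())
    if not m:
        raise ValueError(f"unexpected rpm output: {rpm_output!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def version_is_vulnerable(version: Tuple[int, int, int]) -> bool:
    """True for 6.7.2 <= version < 6.7.3, the range the advisory names."""
    return FIRST_AFFECTED <= version < FIXED_VERSION


def installed_satellite_version() -> Tuple[int, int, int]:
    """Query the local rpm database; only meaningful on the Satellite host."""
    out = subprocess.run(["rpm", "-q", "satellite"],
                         capture_output=True, text=True, check=True).stdout
    return parse_satellite_version(out)


def colliding_local_users(hammer_users_json: str,
                          external_logins: Iterable[str]) -> List[dict]:
    """Local (Internal) accounts whose login the IdP can also assert.

    These are the accounts an external identity could impersonate while the
    flaw is unpatched. Admin accounts sort first: they are the worst case.
    """
    external = {login.lower() for login in external_logins}
    hits = []
    for user in json.loads(hammer_users_json):
        if user.get("Authorized by") != "Internal":
            continue  # already an external account; nothing to impersonate
        if user["Login"].lower() in external:
            is_admin = user.get("Admin") in ("yes", True)
            hits.append({"login": user["Login"], "admin": is_admin})
    return sorted(hits, key=lambda u: (not u["admin"], u["login"]))


# Constructed sample data standing in for `hammer --output json user list`
# and for an export of login names from the identity provider.
SAMPLE_HAMMER_USERS = json.dumps([
    {"Login": "admin",   "Admin": "yes", "Authorized by": "Internal"},
    {"Login": "jdoe",    "Admin": "no",  "Authorized by": "Internal"},
    {"Login": "ops-bot", "Admin": "yes", "Authorized by": "Internal"},
    {"Login": "asmith",  "Admin": "no",  "Authorized by": "External"},
])
SAMPLE_IDP_LOGINS = ["admin", "asmith", "JDoe"]

if __name__ == "__main__":
    try:
        ver = installed_satellite_version()
        print("satellite %d.%d.%d vulnerable: %s"
              % (*ver, version_is_vulnerable(ver)))
    except (FileNotFoundError, subprocess.CalledProcessError):
        print("rpm -q satellite failed; not a Satellite host?")
    for hit in colliding_local_users(SAMPLE_HAMMER_USERS, SAMPLE_IDP_LOGINS):
        print("local account %-10s admin=%s shares its login with an IdP identity"
              % (hit["login"], hit["admin"]))
```

On a real server, replace the two constructed samples with the output of hammer --output json user list and with an export from your identity provider; the login comparison is case-insensitive on purpose, since most providers treat logins that way.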

📡 Detection & Monitoring

Log Indicators:

  • The same external identity (SSO/OpenID subject) producing sessions for different Satellite logins
  • A login arriving via the external source that results in a session for an account whose auth source is Internal, above all an admin account; look in Administer > Audits and in /var/log/foreman/production.log
  • Administrative actions (user, role or content changes) recorded against an account whose owner did not perform them

Network Indicators:

  • Logins to the Satellite web UI/API from addresses that have not used external authentication before, particularly around the time a local admin session appears

SIEM Query:

source="satellite" AND (event="authentication_failure" OR event="privilege_escalation")

The event names in this query are placeholders: Satellite does not emit events with those names, so map them to the fields your parser extracts from production.log or the audit records. The condition to alert on is a login whose auth source is external and whose resulting user is a local (Internal) account.
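The two log indicators above as detection logic run over normalised login records. This is an added example, not part of Satellite or of any SIEM content pack. Satellite emits no ready-made "impersonation" event, so the script assumes you have already normalised login records (from production.log or the Foreman audit trail) into the fields it uses: timestamp, source IP, the auth source the session came from, the subject asserted by the identity provider, and the Satellite login the session ended up as. The set of internal accounts and every event below are constructed.

```python
"""Hunting logic for CVE-2020-14380-style impersonation in Satellite login records.

Added example, not part of Satellite or of any SIEM content pack. Satellite
does not emit a ready-made "impersonation" event, so this assumes you have
already normalised login records (from production.log or the Foreman audit
trail) into the fields used below. All events here are constructed.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Logins whose auth source is Internal (e.g. from `hammer user list`). Constructed.
INTERNAL_ACCOUNTS: Set[str] = {"admin", "ops-bot"}

# Constructed sample login events: one local admin login, then an external
# subject that first lands in its own account and then in the local admin.
SAMPLE_EVENTS: List[dict] = [
    {"ts": "2020-09-01T10:00:00Z", "src_ip": "10.0.0.5",
     "auth_source": "Internal", "subject": None, "login": "admin"},
    {"ts": "2020-09-01T10:05:00Z", "src_ip": "203.0.113.7",
     "auth_source": "External", "subject": "idp:sub-42", "login": "jdoe"},
    {"ts": "2020-09-01T10:06:00Z", "src_ip": "203.0.113.7",
     "auth_source": "External", "subject": "idp:sub-42", "login": "admin"},
    {"ts": "2020-09-01T10:07:00Z", "src_ip": "10.0.0.9",
     "auth_source": "External", "subject": "idp:sub-77", "login": "asmith"},
]


def external_logins_to_internal_accounts(events: Iterable[dict],
                                         internal_accounts: Set[str]) -> List[dict]:
    """Sessions created via an external source that resolved to a local account.

    While the flaw is unpatched this is what a successful impersonation looks
    like; on a fixed server it should not occur at all.
    """
    return [e for e in events
            if e["auth_source"] != "Internal" and e["login"] in internal_accounts]


def subjects_with_multiple_logins(events: Iterable[dict]) -> Dict[str, List[str]]:
    """External subjects that ended up in more than one Satellite account."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for e in events:
        if e.get("subject"):
            seen[e["subject"]].add(e["login"])
    return {s: sorted(logins) for s, logins in seen.items() if len(logins) > 1}


def findings(events: List[dict], internal_accounts: Set[str]) -> List[str]:
    """Human-readable alerts from both rules."""
    out = []
    for e in external_logins_to_internal_accounts(events, internal_accounts):
        out.append(f"{e['ts']} external subject {e['subject']} from {e['src_ip']} "
                   f"obtained a session as local account '{e['login']}'")
    for subject, logins in subjects_with_multiple_logins(events).items():
        out.append(f"external subject {subject} mapped to {len(logins)} "
                   f"different Satellite logins: {', '.join(logins)}")
    return out


if __name__ == "__main__":
    for line in findings(SAMPLE_EVENTS, INTERNAL_ACCOUNTS):
        print("ALERT", line)
```

The first rule is the high-confidence one: an external session that resolves to an Internal account has no legitimate explanation. The second rule catches the same identity hopping between accounts and will also fire on benign cases such as an operator who owns two accounts, so treat it as a lead rather than an alert on its own.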

🔗 References

  • Red Hat CVE page: https://access.redhat.com/security/cve/cve-2020-14380
