CVE-2026-5142 PUBLISHED

Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass

Assigner: redhat
Reserved: 30.03.2026 Published: 01.07.2026 Updated: 01.07.2026

A flaw was found in Foreman. Authenticated users with the 'view_keypairs' permission can bypass taxonomy scoping and download private SSH (Secure Shell) keys belonging to other organizations by directly querying key pair IDs. In multi-tenant deployments this leads to cross-tenant data exposure, potentially compromising sensitive information.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 6.5

Product Status

Vendor Red Hat
Product Red Hat Satellite 6
Versions Default: affected

Credits

  • Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.

Problem Types

  • Authorization Bypass Through User-Controlled Key CWE