Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-M3HQ-3QJ8-C5FM
Vulnerability from github – Published: 2026-02-02 06:30 – Updated: 2026-03-26 21:31
VLAI?
Summary
fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation
Details
A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.
Severity ?
8.1 (High)
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "fog-kubevirt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-1530"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-02T21:02:03Z",
"nvd_published_at": "2026-02-02T06:16:20Z",
"severity": "HIGH"
},
"details": "A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.",
"id": "GHSA-m3hq-3qj8-c5fm",
"modified": "2026-03-26T21:31:19Z",
"published": "2026-02-02T06:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1530"
},
{
"type": "WEB",
"url": "https://github.com/fog/fog-kubevirt/pull/168"
},
{
"type": "WEB",
"url": "https://github.com/fog/fog-kubevirt/commit/8371e9ded99f9ec3e74caf2f283836109763e450"
},
{
"type": "WEB",
"url": "https://github.com/fog/fog-kubevirt/commit/9603d79a239a0f68bedfc679cd1b65fbf6ec4753"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5970"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5971"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-1530"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433784"
},
{
"type": "PACKAGE",
"url": "https://github.com/fog/fog-kubevirt"
},
{
"type": "WEB",
"url": "https://github.com/fog/fog-kubevirt/blob/8adb03e07972d6e19a7713ecf2a827aa2cfe4b9e/CHANGELOG.md?plain=1#L11"
},
{
"type": "WEB",
"url": "https://github.com/fog/fog-kubevirt/releases/tag/v1.5.1"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fog-kubevirt/CVE-2026-1530.yml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation"
}
CVE-2026-1530 (GCVE-0-2026-1530)
Vulnerability from cvelistv5 – Published: 2026-02-02 05:47 – Updated: 2026-06-30 12:07
VLAI?
EPSS
Title
Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation
Summary
A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.
Severity ?
8.1 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Satellite 6.16 for RHEL 8 |
Unaffected:
0:1.5.1-1.el8sat , < *
(rpm)
cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el9 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
This issue was discovered by Evgeni Golov (Red Hat).
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1530",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-02T16:26:13.539148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T16:28:31.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:satellite:6.16::el8",
"cpe:/a:redhat:satellite_capsule:6.16::el8",
"cpe:/a:redhat:satellite_utils:6.16::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.16 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.16::el9",
"cpe:/a:redhat:satellite_capsule:6.16::el9",
"cpe:/a:redhat:satellite_maintenance:6.16::el9",
"cpe:/a:redhat:satellite_utils:6.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.16 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite_utils:6.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
}
],
"datePublic": "2026-01-28T12:40:37.424Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:07:08.334Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-1530"
},
{
"name": "RHBZ#2433784",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433784"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1530.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5971"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5970"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:5971: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:5970: Red Hat Satellite 6.17 for RHEL 9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-28T12:39:43.076Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-28T12:40:37.424Z",
"value": "Made public."
}
],
"title": "fog-kubevirt: fog-kubevirt: Man-in-the-Middle vulnerability due to disabled certificate validation",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.16::el9",
"cpe:/a:redhat:satellite_maintenance:6.16::el9",
"cpe:/a:redhat:satellite_capsule:6.16::el8",
"cpe:/a:redhat:satellite_utils:6.16::el8",
"cpe:/a:redhat:satellite:6.16::el9",
"cpe:/a:redhat:satellite:6.16::el8",
"cpe:/a:redhat:satellite_utils:6.16::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-fog-kubevirt",
"product": "Red Hat Satellite 6.16 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.16::el9",
"cpe:/a:redhat:satellite_maintenance:6.16::el9",
"cpe:/a:redhat:satellite_capsule:6.16::el8",
"cpe:/a:redhat:satellite_utils:6.16::el8",
"cpe:/a:redhat:satellite:6.16::el9",
"cpe:/a:redhat:satellite:6.16::el8",
"cpe:/a:redhat:satellite_utils:6.16::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-fog-kubevirt",
"product": "Red Hat Satellite 6.16 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.14.0.14-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "libcomps",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.1.23-0.3.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-brotli",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.2.0-0.1.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-django",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.2.28-0.1.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-pulp-container",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.22.3-1.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-pulp-rpm",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.27.10-2.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-fog-kubevirt",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-foreman_kubevirt",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.3-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-katello",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.16.0.14-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-rubyipmi",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.13.0-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "satellite",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.17.7-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "yggdrasil-worker-forwarder",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.0.3-4.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.14.0.14-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "libcomps",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.1.23-0.3.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-brotli",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.2.0-0.1.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-django",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.2.28-0.1.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-pulp-container",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.22.3-1.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "python-pulp-rpm",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.27.10-2.el9pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-fog-kubevirt",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-foreman_kubevirt",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.4.3-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-katello",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.16.0.14-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "rubygem-rubyipmi",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.13.0-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "satellite",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.17.7-1.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_utils:6.17::el9",
"cpe:/a:redhat:satellite_maintenance:6.17::el9",
"cpe:/a:redhat:satellite:6.17::el9",
"cpe:/a:redhat:satellite_capsule:6.17::el9"
],
"defaultStatus": "affected",
"packageName": "yggdrasil-worker-forwarder",
"product": "Red Hat Satellite 6.17 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.0.3-4.el9sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"packageName": "satellite:el8/rubygem-fog-kubevirt",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Evgeni Golov (Red Hat)."
}
],
"datePublic": "2026-01-28T12:40:37.424Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T20:31:44.599Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:5970",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5970"
},
{
"name": "RHSA-2026:5971",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5971"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-1530"
},
{
"name": "RHBZ#2433784",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433784"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-28T12:39:43.076Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-28T12:40:37.424Z",
"value": "Made public."
}
],
"title": "Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-295: Improper Certificate Validation"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-1530",
"datePublished": "2026-02-02T05:47:10.049Z",
"dateReserved": "2026-01-28T12:41:52.835Z",
"dateUpdated": "2026-06-30T12:07:08.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…