VYPR

Katello

by Red Hat

CVEs (2)

  • CVE-2014-3712Nov 3, 2014
    risk 0.00cvss epss 0.02

    Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is…

  • CVE-2012-6116Mar 1, 2013
    risk 0.00cvss epss 0.00

    modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.