Katello
by Theforeman
Source repositories
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-3503 | Cri | 0.57 | 9.8 | 0.03 | Aug 25, 2012 | The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web… | ||
| CVE-2016-3072 | Hig | 0.50 | 8.8 | 0.02 | Jun 7, 2016 | Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter. | ||
| CVE-2016-9595 | Hig | 0.40 | 7.3 | 0.00 | Jul 27, 2018 | A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. | ||
| CVE-2013-4201 | Med | 0.28 | 4.3 | 0.01 | May 1, 2018 | Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions. | ||
| CVE-2026-12515 | mod | 0.21 | 4.3 | 0.00 | Jun 17, 2026 | katello: missing repository authorization in content_uploads exposes cross-product content existence | ||
| CVE-2013-2143 | 0.07 | — | 0.48 | Apr 17, 2014 | The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account. | |||
| CVE-2024-4812 | 0.00 | — | 0.00 | Jun 5, 2024 | A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections. | |||
| CVE-2014-0183 | 0.00 | — | 0.01 | Jan 2, 2020 | Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering. | |||
| CVE-2013-4120 | 0.00 | — | 0.01 | Dec 10, 2019 | Katello has a Denial of Service vulnerability in API OAuth authentication | |||
| CVE-2013-0283 | 0.00 | — | 0.01 | Dec 5, 2019 | Katello: Username in Notification page has cross site scripting | |||
| CVE-2013-2101 | 0.00 | — | 0.01 | Dec 3, 2019 | Katello has multiple XSS issues in various entities | |||
| CVE-2018-14623 | 0.00 | — | 0.01 | Dec 13, 2018 | A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version… | |||
| CVE-2014-3712 | 0.00 | — | 0.02 | Nov 3, 2014 | Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is… | |||
| CVE-2012-6116 | 0.00 | — | 0.00 | Mar 1, 2013 | modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file. | |||
| CVE-2012-5561 | 0.00 | — | 0.00 | Mar 1, 2013 | script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file. |
- risk 0.57cvss 9.8epss 0.03
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web…
- risk 0.50cvss 8.8epss 0.02
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.
- risk 0.40cvss 7.3epss 0.00
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
- risk 0.28cvss 4.3epss 0.01
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.
- risk 0.21cvss 4.3epss 0.00
katello: missing repository authorization in content_uploads exposes cross-product content existence
- CVE-2013-2143Apr 17, 2014risk 0.07cvss —epss 0.48
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
- CVE-2024-4812Jun 5, 2024risk 0.00cvss —epss 0.00
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.
- CVE-2014-0183Jan 2, 2020risk 0.00cvss —epss 0.01
Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering.
- CVE-2013-4120Dec 10, 2019risk 0.00cvss —epss 0.01
Katello has a Denial of Service vulnerability in API OAuth authentication
- CVE-2013-0283Dec 5, 2019risk 0.00cvss —epss 0.01
Katello: Username in Notification page has cross site scripting
- CVE-2013-2101Dec 3, 2019risk 0.00cvss —epss 0.01
Katello has multiple XSS issues in various entities
- CVE-2018-14623Dec 13, 2018risk 0.00cvss —epss 0.01
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version…
- CVE-2014-3712Nov 3, 2014risk 0.00cvss —epss 0.02
Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is…
- CVE-2012-6116Mar 1, 2013risk 0.00cvss —epss 0.00
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
- CVE-2012-5561Mar 1, 2013risk 0.00cvss —epss 0.00
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.