Known Vulnerabilities for products from Katello
Listed below are 8 of the newest known vulnerabilities associated with the vendor "Katello".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2016-3072 | Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in K... | 8.8 - HIGH | 2016-06-07 | 2023-02-12 |
| CVE-2014-3712 | Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_uti... | 5 - MEDIUM | 2014-11-03 | 2017-09-02 |
| CVE-2013-4455 | Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a ch... | 2.1 - LOW | 2014-05-14 | 2014-05-15 |
| CVE-2013-4201 | Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove sys... | 4.3 - MEDIUM | 2018-05-01 | 2023-02-13 |
| CVE-2013-2143 | The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_role... | 6.5 - MEDIUM | 2014-04-17 | 2021-07-16 |
| CVE-2012-6116 | modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Can... | 2.1 - LOW | 2013-03-01 | 2013-04-04 |
| CVE-2012-5561 | script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which a... | 2.1 - LOW | 2013-03-01 | 2013-03-01 |
| CVE-2012-3503 | The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, whic... | 6.5 - MEDIUM | 2012-08-25 | 2013-03-22 |
Known software with vulnerabilities from Katello
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Katello | Katello | 1.5.0-14 |
| Application | Katello | Katello Installer | 0.0.1 |