Known Vulnerabilities for products from Katello
Listed below are 8 of the newest known vulnerabilities associated with the vendor "Katello".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2016-3072 | Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in K... | 8.8 - HIGH | 2016-06-07 | 2023-02-12 |
| CVE-2014-3712 | Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_uti... | 5 - MEDIUM | 2014-11-03 | 2017-09-02 |
| CVE-2013-4455 | Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a ch... | 2.1 - LOW | 2014-05-14 | 2014-05-15 |
| CVE-2013-4201 | Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove sys... | 4.3 - MEDIUM | 2018-05-01 | 2023-02-13 |
| CVE-2013-2143 | The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_role... | 6.5 - MEDIUM | 2014-04-17 | 2021-07-16 |
| CVE-2012-6116 | modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Can... | 2.1 - LOW | 2013-03-01 | 2013-04-04 |
| CVE-2012-5561 | script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which a... | 2.1 - LOW | 2013-03-01 | 2013-03-01 |
| CVE-2012-3503 | The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, whic... | 6.5 - MEDIUM | 2012-08-25 | 2013-03-22 |
Known software with vulnerabilities from Katello
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Katello | Katello | 1.5.0-14 |
| Application | Katello | Katello Installer | 0.0.1 |