Katello

katello

6 CVEs • 3 products

Products (3)

Katello
katello

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
Vendors (1): Katello
Products (1): Katello
Updated: Nov 21, 2024
Published: May 1, 2018
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.0 MEDIUM (v2)
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.

Vendors (2): Katello, Redhat
Products (2): Katello, Satellite
Updated: May 6, 2026
Published: Jun 7, 2016
CVSS: N/A (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2)
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.

Vendors (1): Katello
Products (1): Katello
Updated: May 6, 2026
Published: Nov 3, 2014
CVSS: N/A (v4), N/A (v3), 5.0 MEDIUM (v2)
Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method.

Vendors (1): Katello
Products (1): Katello Installer
Updated: May 6, 2026
Published: May 14, 2014
CVSS: N/A (v4), N/A (v3), 2.1 LOW (v2)
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.

Vendors (1): Katello
Products (2): Katello, Katello Configure
Updated: Apr 29, 2026
Published: Mar 1, 2013
CVSS: N/A (v4), N/A (v3), 2.1 LOW (v2)
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.

Vendors (1): Katello
Products (1): Katello
Updated: Apr 29, 2026
Published: Mar 1, 2013
CVSS: N/A (v4), N/A (v3), 2.1 LOW (v2)
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.