Katello Security Vulnerabilities

CVE-2024-4812

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host...

CVSS 4.8 | AI Score 5.1 | EPSS 0.0004 | 2024-06-05 03:15 PM | 23

CVE-2013-4201

Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system"...

CVSS 4.3 | AI Score 4.4 | EPSS 0.001 | 2018-05-01 07:29 PM | 17

CVE-2016-3072

Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order...

CVSS 8.8 | AI Score 7.3 | EPSS 0.002 | 2016-06-07 06:59 PM | 38

CVE-2013-2101

Katello has multiple XSS issues in various...

CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | 2019-12-03 02:15 PM | 22

CVE-2014-0183

Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when...

CVSS 6.1 | AI Score 5.9 | EPSS 0.001 | 2020-01-02 08:15 PM | 63

CVE-2014-0026

katello-headpin is vulnerable to CSRF in REST...

CVSS 6.5 | AI Score 6.4 | EPSS 0.001 | 2019-12-11 03:15 PM | 25

CVE-2013-4120

Katello has a Denial of Service vulnerability in API OAuth...

CVSS 7.5 | AI Score 7.6 | EPSS 0.001 | 2019-12-10 03:15 PM | 24

CVE-2013-0283

Katello: Username in Notification page has cross site...

CVSS 5.4 | AI Score 5.4 | EPSS 0.001 | 2019-12-05 05:15 PM | 19

CVE-2018-16887

A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to...

CVSS 5.4 | AI Score 5.4 | EPSS 0.001 | 2019-01-13 02:29 AM | 47

CVE-2014-3712

Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the...

AI Score 6.9 | EPSS 0.01 | 2014-11-03 04:55 PM | 24

CVE-2013-4455

Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the...

AI Score 6.4 | EPSS 0.0004 | 2014-05-14 07:55 PM | 17

CVE-2012-6116

modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this...

AI Score 6.2 | EPSS 0.0004 | 2013-03-01 05:40 AM | 24

CVE-2012-5561

script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the...

AI Score 6.3 | EPSS 0.0004 | 2013-03-01 05:40 AM | 27