CVE-2013-4201
- EPSS 0.12%
- Veröffentlicht 01.05.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 01:55:07
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.
CVE-2016-3072
- EPSS 0.86%
- Veröffentlicht 07.06.2016 18:59:01
- Zuletzt bearbeitet 12.04.2025 10:46:40
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.
- EPSS 0.61%
- Veröffentlicht 03.11.2014 16:55:04
- Zuletzt bearbeitet 12.04.2025 10:46:40
Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/c...
CVE-2012-5561
- EPSS 0.05%
- Veröffentlicht 01.03.2013 05:40:16
- Zuletzt bearbeitet 11.04.2025 00:51:21
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.
CVE-2012-6116
- EPSS 0.03%
- Veröffentlicht 01.03.2013 05:40:16
- Zuletzt bearbeitet 11.04.2025 00:51:21
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.