Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Katello'
2019-12-10
CVE-2013-4120
CWE-400
Katello has a Denial of Service vulnerability in API OAuth authentication
2019-12-05
CVE-2013-0283
CWE-79
Katello: Username in Notification page has cross site scripting
2019-12-03
CVE-2013-2101
CWE-79
Katello has multiple XSS issues in various entities
2019-11-25
CVE-2019-14825
CWE-319
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.
2019-01-12
CVE-2018-16887
CWE-79
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before 3.9.0 are vulnerable.
2018-12-13
CVE-2018-14623
CWE-89
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable.
2018-08-22
CVE-2017-2662
CWE-269
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.
2018-07-27
CVE-2016-9595
CWE-59
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
>>>
Vendor:
Theforeman
9
Products
Katello
Foreman
KAFO
Foreman-tasks
Hammer cli
Foreman azurerm
Smart proxy shell hooks
Foremanfogproxmox
Smart proxy salt
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'Katello' 