Show filters
7 Total Results
Displaying 1-7 of 7
Sort by:
Attacker Value
Unknown
CVE-2024-4812
Disclosure Date: June 05, 2024 (last updated June 19, 2024)
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.
0
Attacker Value
Unknown
CVE-2013-4201
Disclosure Date: May 01, 2018 (last updated November 26, 2024)
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.
0
Attacker Value
Unknown
CVE-2016-3072
Disclosure Date: June 07, 2016 (last updated November 25, 2024)
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.
0
Attacker Value
Unknown
CVE-2014-3712
Disclosure Date: November 03, 2014 (last updated October 05, 2023)
Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method.
0
Attacker Value
Unknown
CVE-2013-4455
Disclosure Date: May 14, 2014 (last updated October 05, 2023)
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.
0
Attacker Value
Unknown
CVE-2012-5561
Disclosure Date: March 01, 2013 (last updated October 05, 2023)
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.
0
Attacker Value
Unknown
CVE-2012-6116
Disclosure Date: March 01, 2013 (last updated October 05, 2023)
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
0