
CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

Katello: Username in Notification page has cross-site scripting (CVE-2013-0283). • https://access.redhat.com/security/cve/cve-2013-0283 • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0283 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 2

Katello has multiple XSS issues in various entities (CVE-2013-2101). • https://access.redhat.com/security/cve/cve-2013-2101 • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2101 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9 (CVE-2019-14825). Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825 • https://access.redhat.com/security/cve/CVE-2019-14825 • https://bugzilla.redhat.com/show_bug.cgi?id=1739485 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7 (CVE-2019-10198). Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover or guess the UUID of the task. • https://access.redhat.com/errata/RHSA-2019:3172 • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10198 • https://projects.theforeman.org/issues/27275 • https://access.redhat.com/security/cve/CVE-2019-10198 • https://bugzilla.redhat.com/show_bug.cgi?id=1729130 • CWE-287: Improper Authentication • CWE-306: Missing Authentication for Critical Function • CWE-592: DEPRECATED: Authentication Bypass Issues

CVSS: 4.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource (CVE-2019-3893). A malicious user with the "delete_compute_resource" permission can use this flaw to take control over compute resources managed by Foreman. Versions before 1.20.3, 1.21.1, 1.22.0 are vulnerable. • http://www.openwall.com/lists/oss-security/2019/04/14/2 • http://www.securityfocus.com/bid/107846 • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3893 • https://github.com/theforeman/foreman/pull/6621 • https://projects.theforeman.org/issues/26450 • https://access.redhat.com/security/cve/CVE-2019-3893 • https://bugzilla.redhat.com/show_bug.cgi?id=1696400 • CWE-732: Incorrect Permission Assignment for Critical Resource