
CVSS: 5.4 | EPSS: 0% | CPEs: 2 | EXPL: 1

A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privileges to create or edit organizations and locations is able to execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher-privileged users. Versions before 3.9.0 are vulnerable.

References:
https://access.redhat.com/errata/RHSA-2019:1222
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16887
https://access.redhat.com/security/cve/CVE-2018-16887
https://bugzilla.redhat.com/show_bug.cgi?id=1645190

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

References:
https://access.redhat.com/errata/RHSA-2018:0336
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9595
https://access.redhat.com/security/cve/CVE-2016-9595
https://bugzilla.redhat.com/show_bug.cgi?id=1406729

CWE-59: Improper Link Resolution Before File Access ('Link Following')
CWE-377: Insecure Temporary File

CVSS: 6.5 | EPSS: 76% | CPEs: 2 | EXPL: 4

The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

References:
https://www.exploit-db.com/exploits/32515
http://packetstormsecurity.com/files/125866/Katello-Red-Hat-Satellite-users-update_roles-Missing-Authorization.html
http://www.exploit-db.com/exploits/32515
http://www.osvdb.org/104981
http://www.securityfocus.com/bid/66434
https://bugzilla.redhat.com/show_bug.cgi?id=970849

CWE-20: Improper Input Validation
CWE-862: Missing Authorization

CVSS: 2.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.

References:
http://rhn.redhat.com/errata/RHSA-2013-0544.html
http://rhn.redhat.com/errata/RHSA-2013-0547.html
https://bugzilla.redhat.com/show_bug.cgi?id=879094
https://github.com/Katello/katello/pull/1349
https://access.redhat.com/security/cve/CVE-2012-5561

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor