CVE-2013-4120
https://notcve.org/view.php?id=CVE-2013-4120
Katello has a Denial of Service vulnerability in API OAuth authentication.
• https://access.redhat.com/security/cve/cve-2013-4120
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4120
• CWE-400: Uncontrolled Resource Consumption
CVE-2013-0283
https://notcve.org/view.php?id=CVE-2013-0283
Katello: Username in Notification page has cross site scripting.
• https://access.redhat.com/security/cve/cve-2013-0283
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0283
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-2101
https://notcve.org/view.php?id=CVE-2013-2101
Katello has multiple XSS issues in various entities.
• https://access.redhat.com/security/cve/cve-2013-2101
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2101
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-14825 – katello: registry credentials are captured in plain text during repository discovery
https://notcve.org/view.php?id=CVE-2019-14825
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825
• https://access.redhat.com/security/cve/CVE-2019-14825
• https://bugzilla.redhat.com/show_bug.cgi?id=1739485
• CWE-312: Cleartext Storage of Sensitive Information
CVE-2018-16887 – katello: stored XSS in subscriptions and repositories pages
https://notcve.org/view.php?id=CVE-2018-16887
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before 3.9.0 are vulnerable.
• https://access.redhat.com/errata/RHSA-2019:1222
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16887
• https://access.redhat.com/security/cve/CVE-2018-16887
• https://bugzilla.redhat.com/show_bug.cgi?id=1645190
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')