CVE-2019-14825 – katello: registry credentials are captured in plain text during repository discovery
https://notcve.org/view.php?id=CVE-2019-14825
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users. Se detectó un problema de almacenamiento de contraseña en texto sin cifrar en Katello, versiones 3.x.x.x anteriores a katello 3.12.0.9. Las credenciales de registro utilizadas durante la detección de imágenes del contenedor se registraron inadvertidamente sin enmascararse. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825 https://access.redhat.com/security/cve/CVE-2019-14825 https://bugzilla.redhat.com/show_bug.cgi?id=1739485 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2018-16887 – katello: stored XSS in subscriptions and repositories pages
https://notcve.org/view.php?id=CVE-2018-16887
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before 3.9.0 are vulnerable. Se ha encontrado un error de Cross-Site Scripting (XSS) en el componente "katello" de Satellite. • https://access.redhat.com/errata/RHSA-2019:1222 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16887 https://access.redhat.com/security/cve/CVE-2018-16887 https://bugzilla.redhat.com/show_bug.cgi?id=1645190 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-2662 – foreman: Managing repositories with their id via hammer does not respect the role filters
https://notcve.org/view.php?id=CVE-2017-2662
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id. Se ha detectado un fallo en la versión 3.4.5 del plugin katello de Foreman. Después de establecer un nuevo rol para permitir el acceso restringido a un repositorio con un filtro (filtro establecido en el nombre del producto), el filtro no se respeta cuando las acciones se realizan a través de hammer usando el id del repositorio. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662 https://projects.theforeman.org/issues/18838 https://access.redhat.com/security/cve/CVE-2017-2662 https://bugzilla.redhat.com/show_bug.cgi?id=1434106 • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •
CVE-2016-9595 – katello-debug: Possible symlink attacks due to use of predictable file names
https://notcve.org/view.php?id=CVE-2016-9595
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. Se ha encontrado un fallo en katello-debug en versiones anteriores a la 3.4.0, donde determinados scripts y archivos de log utilizaban archivos temporales no seguros. Un usuario local podría explotar esta vulnerabilidad para llevar a cabo un ataque de enlace simbólico que les permita sobrescribir el contenido de archivos arbitrarios. A flaw was found in katello-debug where certain scripts and log files used insecure temporary files. • https://access.redhat.com/errata/RHSA-2018:0336 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9595 https://access.redhat.com/security/cve/CVE-2016-9595 https://bugzilla.redhat.com/show_bug.cgi?id=1406729 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •