katello 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection and パス処理の欠陥 があり、vendor surface production workloads and vendor surface software deployment の利用場面で ファイル上書き and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2013-4201 | Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions. | [email protected] | 4.3 | 0.08% | 2018-05-01 | 2024-11-21 |
| CVE-2016-3072 | Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter. | [email protected] | 8.8 | 0.39% | 2016-06-07 | 2026-05-06 |
| CVE-2014-3712 | Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method. | [email protected] | 5.0 | 0.61% | 2014-11-03 | 2026-05-06 |
| CVE-2013-4455 | Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file. | [email protected] | 2.1 | 0.04% | 2014-05-14 | 2026-05-06 |
| CVE-2012-6116 | modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file. | [email protected] | 2.1 | 0.07% | 2013-03-01 | 2026-04-29 |
| CVE-2012-5561 | script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file. | [email protected] | 2.1 | 0.05% | 2013-03-01 | 2026-04-29 |