Foreman Katello 1.3.24-1

CPE Details

Foreman Katello 1.3.24-1
theforeman
katello
1.3.24-1
2019-02-06
15h20 +00:00
2019-02-06
15h20 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:theforeman:katello:1.3.24-1:*:*:*:*:*:*:*

Informations

Vendor

theforeman

Product

katello

Version

1.3.24-1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-16887 2019-01-13 01h00 +00:00 A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before 3.9.0 are vulnerable.
5.4
Medium
CVE-2016-9595 2018-07-27 16h00 +00:00 A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
7.3
High
CVE-2013-2143 2014-04-17 12h00 +00:00 The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
6.5