katello (RubyGems) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the RubyGems package katello, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2012-3503 — CVSS 9.8 (critical): The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each…
CVE-2016-3072 — CVSS 8.8 (high): Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow…
CVE-2026-4324 — CVSS 5.4 (medium): A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input…
CVE-2018-16887 — CVSS 5.4 (medium): A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations…
CVE-2017-2662 — CVSS 4.3 (medium): A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a…
CVE-2026-12515 — CVSS 4.3 (medium): A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the…
CVE-2018-14623 — CVSS 4.3 (medium): A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed…
CVE-2019-14825 — CVSS 2.7 (low): A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during…