Every CVE whose affected-product data names Theforeman Katello, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2012-3503 — CVSS 9.8 (critical): The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each…
CVE-2016-9595 — CVSS 7.3 (high): A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could…
CVE-2013-2143 — CVSS 6.5 (medium): The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action…
CVE-2018-16887 — CVSS 5.4 (medium): A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations…
CVE-2017-2662 — CVSS 4.3 (medium): A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a…
CVE-2018-14623 — CVSS 4.3 (medium): A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed…
CVE-2019-14825 — CVSS 2.7 (low): A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during…