VulnerableCode Package Details - pkg:gem/katello@3.11.0.rc1

Search for packages

Vulnerability	Summary	Fixed by
VCID-bsbd-bsbq-7qdk Aliases: CVE-2019-14825 GHSA-m4wh-848j-9w2r	Katello cleartext password storage issue A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.	3.12.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-zqkc-zwfa-1qfx Aliases: CVE-2026-4324 GHSA-fwj4-6wgp-mpxm	Katello: Denial of Service and potential information disclosure via SQL injection A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.	4.19.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-bsbd-bsbq-7qdk
Aliases:
CVE-2019-14825
GHSA-m4wh-848j-9w2r

Katello cleartext password storage issue A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.

3.12.2
Affected by 1 other vulnerability.

VCID-zqkc-zwfa-1qfx
Aliases:
CVE-2026-4324
GHSA-fwj4-6wgp-mpxm

Katello: Denial of Service and potential information disclosure via SQL injection A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.

4.19.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-19T18:06:58.609639+00:00	GitLab Importer	Affected by	VCID-zqkc-zwfa-1qfx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2026-4324.yml	38.4.0
2026-04-16T21:56:31.172407+00:00	GitLab Importer	Affected by	VCID-bsbd-bsbq-7qdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2019-14825.yml	38.4.0
2026-04-11T23:11:54.916209+00:00	GitLab Importer	Affected by	VCID-bsbd-bsbq-7qdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2019-14825.yml	38.3.0
2026-04-02T23:20:19.277137+00:00	GitLab Importer	Affected by	VCID-bsbd-bsbq-7qdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2019-14825.yml	38.1.0
2026-04-01T17:40:54.340971+00:00	GitLab Importer	Affected by	VCID-bsbd-bsbq-7qdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2019-14825.yml	38.0.0