VulnerableCode Package Details - pkg:gem/katello@3.6.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-asqu-5r9h-9yav Aliases: CVE-2018-14623 GHSA-jx5v-788g-qw58	SQL Injection An SQL injection was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072.	3.10.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bsbd-bsbq-7qdk Aliases: CVE-2019-14825 GHSA-m4wh-848j-9w2r	Katello cleartext password storage issue A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.	3.12.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ftzy-9uny-byfb Aliases: CVE-2018-16887 GHSA-mhhc-r88h-2qrm	Cross-site Scripting A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before `3.9.0` are vulnerable.	3.9.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zqkc-zwfa-1qfx Aliases: CVE-2026-4324 GHSA-fwj4-6wgp-mpxm	Katello: Denial of Service and potential information disclosure via SQL injection A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.	4.19.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-asqu-5r9h-9yav
Aliases:
CVE-2018-14623
GHSA-jx5v-788g-qw58

SQL Injection An SQL injection was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072.

3.10.1
Affected by 2 other vulnerabilities.

VCID-bsbd-bsbq-7qdk
Aliases:
CVE-2019-14825
GHSA-m4wh-848j-9w2r

Katello cleartext password storage issue A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.

3.12.2
Affected by 1 other vulnerability.

VCID-ftzy-9uny-byfb
Aliases:
CVE-2018-16887
GHSA-mhhc-r88h-2qrm

Cross-site Scripting A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before `3.9.0` are vulnerable.

3.9.0
Affected by 3 other vulnerabilities.

VCID-zqkc-zwfa-1qfx
Aliases:
CVE-2026-4324
GHSA-fwj4-6wgp-mpxm

Katello: Denial of Service and potential information disclosure via SQL injection A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.

4.19.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-19T18:06:58.526509+00:00	GitLab Importer	Affected by	VCID-zqkc-zwfa-1qfx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2026-4324.yml	38.4.0
2026-04-16T21:56:31.098984+00:00	GitLab Importer	Affected by	VCID-bsbd-bsbq-7qdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2019-14825.yml	38.4.0
2026-04-16T20:51:10.011970+00:00	GitLab Importer	Affected by	VCID-ftzy-9uny-byfb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2018-16887.yml	38.4.0
2026-04-16T20:50:35.737129+00:00	GitLab Importer	Affected by	VCID-asqu-5r9h-9yav	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2018-14623.yml	38.4.0
2026-04-11T23:11:54.833103+00:00	GitLab Importer	Affected by	VCID-bsbd-bsbq-7qdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2019-14825.yml	38.3.0
2026-04-11T22:01:53.184389+00:00	GitLab Importer	Affected by	VCID-ftzy-9uny-byfb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2018-16887.yml	38.3.0
2026-04-11T22:01:14.366281+00:00	GitLab Importer	Affected by	VCID-asqu-5r9h-9yav	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2018-14623.yml	38.3.0
2026-04-02T23:20:19.206196+00:00	GitLab Importer	Affected by	VCID-bsbd-bsbq-7qdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2019-14825.yml	38.1.0
2026-04-02T22:14:54.271375+00:00	GitLab Importer	Affected by	VCID-ftzy-9uny-byfb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2018-16887.yml	38.1.0
2026-04-02T22:14:17.576440+00:00	GitLab Importer	Affected by	VCID-asqu-5r9h-9yav	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2018-14623.yml	38.1.0
2026-04-01T17:40:54.252808+00:00	GitLab Importer	Affected by	VCID-bsbd-bsbq-7qdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2019-14825.yml	38.0.0
2026-04-01T16:32:26.359307+00:00	GitLab Importer	Affected by	VCID-ftzy-9uny-byfb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2018-16887.yml	38.0.0
2026-04-01T16:31:46.492432+00:00	GitLab Importer	Affected by	VCID-asqu-5r9h-9yav	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2018-14623.yml	38.0.0