Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/katello@3.9.0

Type gem

Namespace

Name katello

Version 3.9.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.19.1

Latest_non_vulnerable_version 4.19.1

Affected_by_vulnerabilities

url VCID-e8ue-zdcp-v3a4

vulnerability_id VCID-e8ue-zdcp-v3a4

summary

SQL Injection
An SQL injection was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:0336

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0336

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14623.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14623.json

reference_url

https://access.redhat.com/security/cve/CVE-2018-14623

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2018-14623

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14623

reference_id

reference_type

scores

value	0.00137
scoring_system	epss
scoring_elements	0.33364
published_at	2026-06-04T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33466
published_at	2026-06-05T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33482
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14623

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623

reference_url

https://github.com/Katello/katello

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/Katello/katello

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-14623.yml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-14623.yml

reference_url

https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224

reference_url	http://www.securityfocus.com/bid/106224
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106224

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1623719

reference_id

1623719

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1623719

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14623

reference_id

CVE-2018-14623

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14623

reference_url

https://github.com/advisories/GHSA-527r-mfmj-prqf

reference_id

GHSA-527r-mfmj-prqf

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-527r-mfmj-prqf

reference_url

https://github.com/advisories/GHSA-jx5v-788g-qw58

reference_id

GHSA-jx5v-788g-qw58

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jx5v-788g-qw58

fixed_packages

url pkg:gem/katello@3.10.1

purl pkg:gem/katello@3.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jmx5-8993-kqeh

vulnerability	VCID-t9wp-hkhy-eyby

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/katello@3.10.1

aliases CVE-2018-14623, GHSA-jx5v-788g-qw58

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8ue-zdcp-v3a4

url VCID-jmx5-8993-kqeh

vulnerability_id VCID-jmx5-8993-kqeh

summary

Katello cleartext password storage issue
A cleartext password storage issue was discovered in Katello, versions
3.x.x.x before katello 3.12.2. Registry credentials used during container image
discovery were inadvertently logged without being masked. This flaw could expose
the registry credentials to other privileged users.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:3172

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3172

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14825.json

reference_id

reference_type

scores

value	4.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14825.json

reference_url

https://access.redhat.com/security/cve/CVE-2019-14825

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2019-14825

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14825

reference_id

reference_type

scores

value	0.00152
scoring_system	epss
scoring_elements	0.35724
published_at	2026-06-06T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35713
published_at	2026-06-05T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35611
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14825

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1730668

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1730668

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3
scoring_elements

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825

reference_url

https://github.com/Katello/katello

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/Katello/katello

reference_url

https://github.com/Katello/katello/commit/332484232b66b7907a8104a19ea97eb697b75c79

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/Katello/katello/commit/332484232b66b7907a8104a19ea97eb697b75c79

reference_url

https://github.com/Katello/katello/commit/4eefa678a905140620ca8b390d48fe318d36e4ea

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/Katello/katello/commit/4eefa678a905140620ca8b390d48fe318d36e4ea

reference_url

https://github.com/Katello/katello/commits/3.12.2

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/Katello/katello/commits/3.12.2

reference_url

https://github.com/Katello/katello/pull/8244

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/Katello/katello/pull/8244

reference_url

https://github.com/Katello/katello/pull/8253

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/Katello/katello/pull/8253

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2019-14825.yml

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2019-14825.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14825

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14825

reference_url

https://projects.theforeman.org/issues/27485

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://projects.theforeman.org/issues/27485

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1739485

reference_id

1739485

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1739485

reference_url	https://github.com/advisories/GHSA-m4wh-848j-9w2r
reference_id	GHSA-m4wh-848j-9w2r
reference_type
scores
url	https://github.com/advisories/GHSA-m4wh-848j-9w2r

fixed_packages

url pkg:gem/katello@3.12.2

purl pkg:gem/katello@3.12.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-t9wp-hkhy-eyby

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/katello@3.12.2

aliases CVE-2019-14825, GHSA-m4wh-848j-9w2r

risk_score 1.9

exploitability 0.5

weighted_severity 3.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jmx5-8993-kqeh

url VCID-t9wp-hkhy-eyby

vulnerability_id VCID-t9wp-hkhy-eyby

summary

Katello - Denial of Service and potential information disclosure via SQL injection'
A flaw was found in the Katello plugin for Red Hat Satellite. This
vulnerability, caused by improper sanitization of user-provided
input, allows a remote attacker to inject arbitrary SQL commands
into the sort_by parameter of the /api/hosts/bootc_images API
endpoint. This can lead to a Denial of Service (DoS) by triggering
database errors, and potentially enable Boolean-based Blind SQL
injection, which could allow an attacker to extract sensitive
information from the database.

references

reference_url

https://access.redhat.com/errata/RHSA-2026:5968

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/

url

https://access.redhat.com/errata/RHSA-2026:5968

reference_url

https://access.redhat.com/errata/RHSA-2026:5970

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/

url

https://access.redhat.com/errata/RHSA-2026:5970

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4324.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4324.json

reference_url

https://access.redhat.com/security/cve/CVE-2026-4324

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/

url

https://access.redhat.com/security/cve/CVE-2026-4324

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-4324

reference_id

reference_type

scores

value	0.00115
scoring_system	epss
scoring_elements	0.29805
published_at	2026-06-06T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.29842
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-4324

reference_url

https://github.com/Katello/katello

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/Katello/katello

reference_url

https://github.com/Katello/katello/commit/a0a793b08d4f0a897ee985d79a687ad043f99e57

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/Katello/katello/commit/a0a793b08d4f0a897ee985d79a687ad043f99e57

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-4324

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-4324

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2448349

reference_id

2448349

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2448349

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
reference_id	cpe:/a:redhat:satellite:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9
reference_id	cpe:/a:redhat:satellite:6.17::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9
reference_id	cpe:/a:redhat:satellite:6.18::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.19::el9
reference_id	cpe:/a:redhat:satellite:6.19::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.19::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9
reference_id	cpe:/a:redhat:satellite_capsule:6.17::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9
reference_id	cpe:/a:redhat:satellite_capsule:6.18::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.19::el9
reference_id	cpe:/a:redhat:satellite_capsule:6.19::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.19::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9
reference_id	cpe:/a:redhat:satellite_maintenance:6.17::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.19::el9
reference_id	cpe:/a:redhat:satellite_maintenance:6.19::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.19::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9
reference_id	cpe:/a:redhat:satellite_utils:6.17::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9
reference_id	cpe:/a:redhat:satellite_utils:6.18::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.19::el9
reference_id	cpe:/a:redhat:satellite_utils:6.19::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.19::el9

reference_url	https://github.com/advisories/GHSA-fwj4-6wgp-mpxm
reference_id	GHSA-fwj4-6wgp-mpxm
reference_type
scores
url	https://github.com/advisories/GHSA-fwj4-6wgp-mpxm

reference_url

https://access.redhat.com/errata/RHSA-2026:22326

reference_id

RHSA-2026:22326

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/

url

https://access.redhat.com/errata/RHSA-2026:22326

fixed_packages

url	pkg:gem/katello@4.19.1
purl	pkg:gem/katello@4.19.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/katello@4.19.1

aliases CVE-2026-4324, GHSA-fwj4-6wgp-mpxm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9wp-hkhy-eyby

Fixing_vulnerabilities

url VCID-fzyw-c2ya-r7aw

vulnerability_id VCID-fzyw-c2ya-r7aw

summary

Cross-site Scripting
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before `3.9.0` are vulnerable.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:1222

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:1222

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16887.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16887.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16887

reference_id

reference_type

scores

value	0.00346
scoring_system	epss
scoring_elements	0.57421
published_at	2026-06-06T12:55:00Z

value	0.00346
scoring_system	epss
scoring_elements	0.57359
published_at	2026-06-04T12:55:00Z

value	0.00346
scoring_system	epss
scoring_elements	0.57412
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16887

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16887

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16887

reference_url

https://github.com/Katello/katello

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/Katello/katello

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-16887.yml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-16887.yml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1645190
reference_id	1645190
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1645190

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-16887

reference_id

CVE-2018-16887

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-16887

fixed_packages

url pkg:gem/katello@3.9.0

purl pkg:gem/katello@3.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e8ue-zdcp-v3a4

vulnerability	VCID-jmx5-8993-kqeh

vulnerability	VCID-t9wp-hkhy-eyby

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/katello@3.9.0

aliases CVE-2018-16887, GHSA-mhhc-r88h-2qrm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fzyw-c2ya-r7aw

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/katello@3.9.0

Package Instance