Vulnerability details: VCID-4s55-nubs-kyfw
Vulnerability ID VCID-4s55-nubs-kyfw
Aliases CVE-2018-14623
GHSA-jx5v-788g-qw58
Summary SQL Injection An SQL injection was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
System Score Found at
cvssv3.1 4.3 https://access.redhat.com/errata/RHSA-2018:0336
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2018:0336
cvssv3.1 4.3 https://access.redhat.com/security/cve/CVE-2018-14623
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2018-14623
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2018-14623
cvssv3.1 4.3 https://bugzilla.redhat.com/show_bug.cgi?id=1623719
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=1623719
cvssv3 4.3 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623
cvssv3.1 4.3 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623
cvssv3.1 4.3 https://github.com/advisories/GHSA-527r-mfmj-prqf
generic_textual MODERATE https://github.com/advisories/GHSA-527r-mfmj-prqf
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-jx5v-788g-qw58
cvssv3.1 4.3 https://github.com/Katello/katello
generic_textual MODERATE https://github.com/Katello/katello
cvssv3.1 4.3 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-14623.yml
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-14623.yml
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2018-14623
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2018-14623
cvssv3.1 4.3 https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224
generic_textual MODERATE https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2018:0336
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/security/cve/CVE-2018-14623
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=1623719
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14623
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/advisories/GHSA-527r-mfmj-prqf
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/Katello/katello
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-14623.yml
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-14623
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://web.archive.org/web/20200227100255/http://www.securityfocus.com/bid/106224
Exploit Prediction Scoring System (EPSS)
Percentile 0.33404
EPSS Score 0.00137
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:54:35.793129+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/katello/CVE-2018-14623.yml 38.6.0