Description
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072. Versions 3.10 and older are vulnerable.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Subscription Asset Manager | katello | Will not fix | | |
| Red Hat Satellite 6.3 for RHEL 7 | candlepin | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-bootloaders-redhat | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-discovery-image | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-installer | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-proxy | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-selinux | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | hiera | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | katello | Fixed | RHSA-2018:0336 | 21.02.2018 |
Additional information
Status:
EPSS
CVSS3: 4.3 Medium