GHSA-jx5v-788g-qw58

Source

https://github.com/advisories/GHSA-jx5v-788g-qw58

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jx5v-788g-qw58/GHSA-jx5v-788g-qw58.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jx5v-788g-qw58

Aliases

CVE-2018-14623

Published

2022-05-13T01:34:32Z

Modified

2023-11-08T03:59:55.831071Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

katello SQL Injection vulnerability

Details

A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable.

References

Affected packages

RubyGems / katello

Package

Name: katello
Purl: pkg:gem/katello

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.10

Affected versions

1.*

1.5.0

2.*

2.2.2

2.4.0.rc1

2.4.0.rc2

2.4.0.rc3

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4

2.4.5

3.*

3.0.0.rc1

3.0.0.rc2

3.0.0.rc3

3.0.0.rc4

3.0.0.rc5

3.0.0.rc7

3.0.0

3.0.1

3.0.2

3.1.0.rc1

3.1.0.rc2.1

3.1.0

3.1.0.1

3.2.0.rc1

3.2.0.rc1.1

3.2.0.rc2

3.2.0.rc3

3.2.0

3.2.1

3.2.1.1

3.3.0.rc1

3.3.0.rc1.1

3.3.0.rc2

3.3.0

3.3.0.1

3.3.1

3.3.1.1

3.3.2

3.4.0.rc1

3.4.0.rc2

3.4.0

3.4.0.1

3.4.0.2

3.4.1

3.4.2

3.4.4

3.4.5

3.5.0.rc1

3.5.0.rc2

3.5.0

3.5.0.1

3.5.1

3.5.1.1

3.5.2

3.6.0.rc1

3.6.0.rc2

3.6.0

3.6.0.1.rc2

3.7.0.rc1

3.7.0.rc2

3.7.0

3.7.1

3.7.1.1

3.8.0.rc1

3.8.0.rc2

3.8.0.rc3

3.8.0

3.8.1

3.9.0.rc1

3.9.0.rc2

3.9.0

3.9.1

3.10.0.rc1

3.10.0.rc1.1

3.10.0