Lucene search

Katello uses hard coded credential

🗓️ 17 May 2022 05:13:13Reported by GitHub Advisory DatabaseType

Katello installation script generates the same secret token, allowing remote authenticatio

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 10
OSV	Katello uses hard coded credential	17 May 202205:13	–	osv
Prion	Default configuration	25 Aug 201210:29	–	prion
Tenable Nessus	RHEL 6 : katello (RHSA-2012:1187)	24 Jan 201300:00	–	nessus
Tenable Nessus	RHEL 6 : katello (RHSA-2012:1186)	27 Apr 202400:00	–	nessus
Veracode	Authentication Bypass	15 Jan 201908:56	–	veracode
NVD	CVE-2012-3503	25 Aug 201210:29	–	nvd
RubySec	Katello uses hard coded credential	16 May 202221:00	–	rubygems
RedHat Linux	(RHSA-2012:1187) Important: katello security update	21 Aug 201200:00	–	redhat
Cvelist	CVE-2012-3503	25 Aug 201210:00	–	cvelist
CVE	CVE-2012-3503	25 Aug 201210:29	–	cve

Vulners

Node

katello katelloRange1.1.0–1.1.7

katello katelloRange<1.0.6

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2012-3503
github	www.github.com/Katello/katello/pull/499
github	www.github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3
rhn	www.rhn.redhat.com/errata/RHSA-2012-1186.html
rhn	www.rhn.redhat.com/errata/RHSA-2012-1187.html
web	www.web.archive.org/web/20140806122239/http://secunia.com/advisories/50344
web	www.web.archive.org/web/20200229120740/http://www.securityfocus.com/bid/55140
github	www.github.com/advisories/GHSA-5xv2-q475-rwrh
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2012-3503.yml

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 May 2022 05:13Current

9.6High risk

Vulners AI Score9.6

CVSS26.5

CVSS39.8

EPSS0.02938

CWE-798