File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -41,5 +41,6 @@ This database would not be possible without volunteers willing to submit pull re
4141* [ Adrian Hirt] ( https://github.com/Adrian-Hirt )
4242* [ Huda Kharrufa] ( https://github.com/hudakh )
4343* [ Mike Dalessio] ( https://github.com/flavorjones )
44+ * [ Dennis Paagman] ( https://github.com/dennispaagman )
4445
4546The rubysec.com domain was graciously donated by [ Jordi Massaguer] ( https://github.com/jordimassaguerpla ) .
Original file line number Diff line number Diff line change 1+ ---
2+ gem : katello
3+ cve : 2026-12515
4+ ghsa : c43c-rf7g-5xpg
5+ url : https://nvd.nist.gov/vuln/detail/CVE-2026-12515
6+ title : katello - missing repository authorization in content_uploads
7+ exposes cross-product content existence
8+ date : 2026-06-17
9+ description : |
10+ A flaw was found in Katello's of Red Hat Satellite. A content upload
11+ functionality where insufficient authorization checks in the
12+ ContentUploadsController allowed users with the edit_products
13+ permission to query content information for repositories outside
14+ the products they were authorized to manage. An authenticated attacker
15+ could exploit this issue to determine whether specific content
16+ exists within repositories that should otherwise be inaccessible.
17+ This issue does not allow unauthorized modification, import, or
18+ publication of content.
19+ cvss_v3 : 4.3
20+ patched_versions :
21+ - " >= 4.21.0.rc1"
22+ related :
23+ url :
24+ - https://nvd.nist.gov/vuln/detail/CVE-2026-12515
25+ - https://rubygems.org/gems/katello/versions/4.21.0
26+ - https://github.com/Katello/katello/pull/11712
27+ - https://access.redhat.com/security/cve/CVE-2026-12515
28+ - https://bugzilla.redhat.com/show_bug.cgi?id=2489812
29+ - https://github.com/advisories/GHSA-c43c-rf7g-5xpg
30+ notes : |
31+ - cvss_v3 from nist reference; no cvss_v2 or cvss_v4 values
You can’t perform that action at this time.
0 commit comments