Skip to content

Commit 092d519

Browse files
authored
GHSA/SYNC: 1 new advisory; Added new contributer (#1127)
1 parent f4a608c commit 092d519

2 files changed

Lines changed: 32 additions & 0 deletions

File tree

CONTRIBUTORS.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,5 +41,6 @@ This database would not be possible without volunteers willing to submit pull re
4141
* [Adrian Hirt](https://github.com/Adrian-Hirt)
4242
* [Huda Kharrufa](https://github.com/hudakh)
4343
* [Mike Dalessio](https://github.com/flavorjones)
44+
* [Dennis Paagman](https://github.com/dennispaagman)
4445

4546
The rubysec.com domain was graciously donated by [Jordi Massaguer](https://github.com/jordimassaguerpla).

gems/katello/CVE-2026-12515.yml

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
---
2+
gem: katello
3+
cve: 2026-12515
4+
ghsa: c43c-rf7g-5xpg
5+
url: https://nvd.nist.gov/vuln/detail/CVE-2026-12515
6+
title: katello - missing repository authorization in content_uploads
7+
exposes cross-product content existence
8+
date: 2026-06-17
9+
description: |
10+
A flaw was found in Katello's of Red Hat Satellite. A content upload
11+
functionality where insufficient authorization checks in the
12+
ContentUploadsController allowed users with the edit_products
13+
permission to query content information for repositories outside
14+
the products they were authorized to manage. An authenticated attacker
15+
could exploit this issue to determine whether specific content
16+
exists within repositories that should otherwise be inaccessible.
17+
This issue does not allow unauthorized modification, import, or
18+
publication of content.
19+
cvss_v3: 4.3
20+
patched_versions:
21+
- ">= 4.21.0.rc1"
22+
related:
23+
url:
24+
- https://nvd.nist.gov/vuln/detail/CVE-2026-12515
25+
- https://rubygems.org/gems/katello/versions/4.21.0
26+
- https://github.com/Katello/katello/pull/11712
27+
- https://access.redhat.com/security/cve/CVE-2026-12515
28+
- https://bugzilla.redhat.com/show_bug.cgi?id=2489812
29+
- https://github.com/advisories/GHSA-c43c-rf7g-5xpg
30+
notes: |
31+
- cvss_v3 from nist reference; no cvss_v2 or cvss_v4 values

0 commit comments

Comments
 (0)