First published: Tue Mar 29 2016(Updated: )
Description of problem: The Foreman & Katello projects received an upstream notification about the discovery of an authenticated SQL injection vulnerability within Katello:

Dear Katello/Foreman Team,

During an internal test it was discovered that the scoped search parameters sort_by and sort_order are vulnerable to an authenticated SQL injection. If we access:

https://x.x.x.x/katello/api/v2/organizations/1/sync_plans/1/products?available_for=sync_plan&full_result=true&page=1&search=&sort_by=name&sort_order=ASC'

we will see the following error:

{"displayMessage":"PG::Error: ERROR: unterminated quoted string at or near \"', katello_products.id DESC\"\nLINE 1: ...n_id IS NULL)) ORDER BY katello_products.name ASC', katello...\n ^\n: SELECT \"katello_products\".* FROM \"katello_products\" WHERE \"katello_products\".\"id\" IN (SELECT DISTINCT \"katello_products\".\"id\" FROM \"katello_products\" WHERE \"katello_products\".\"organization_id\" = 1 AND (katello_products.id in (NULL) or katello_products.id in (6,5,4,2,3,1)) AND (sync_plan_id != '1' OR sync_plan_id IS NULL)) ORDER BY katello_products.name ASC', katello_products.id DESC","errors":["PG::Error: ERROR: unterminated quoted string at or near \"', katello_products.id DESC\"\nLINE 1: ...n_id IS NULL)) ORDER BY katello_products.name ASC', katello...\n

The injection can be exploited as a blind time based injection.

Best Regards
Oliver

External reference: The line of code in question here is: https://github.com/Katello/katello/blob/KATELLO-3.0/app/controllers/katello/api/v2/api_controller.rb#L67
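The error above shows the root cause: the sort_by and sort_order request parameters end up in the ORDER BY clause as raw text, so a stray quote breaks the statement. The following Ruby is an added illustration written for this page, not Katello's code: a builder that interpolates the parameters the way the error implies, beside a hardened builder that only accepts values from a fixed allow-list, plus a small check that flags out-of-range sort parameters in access-log lines. The table name, the allowed columns and the log format are assumptions; nothing here talks to a database, the functions only return the SQL text that would be sent.

```ruby
require 'cgi'

# Assumed allow-lists for this example; a real application derives the column
# list from its model, not from the request.
ALLOWED_SORT_COLUMNS = %w[name id created_at].freeze
ALLOWED_SORT_ORDERS  = %w[ASC DESC].freeze

class InvalidSortParameter < ArgumentError; end

# Vulnerable pattern: request parameters are interpolated straight into the
# SQL text. A sort_order of "ASC'" yields exactly the "unterminated quoted
# string" shape seen in the advisory's PG::Error.
def vulnerable_order_clause(sort_by, sort_order)
  "ORDER BY katello_products.#{sort_by} #{sort_order}, katello_products.id DESC"
end

# Hardened pattern: the only strings that reach the SQL text are members of a
# fixed allow-list; anything else is rejected before a query is built.
def safe_order_clause(sort_by, sort_order)
  column = sort_by.to_s
  unless ALLOWED_SORT_COLUMNS.include?(column)
    raise InvalidSortParameter, "sort_by is not an allowed column"
  end
  direction = sort_order.to_s.upcase
  unless ALLOWED_SORT_ORDERS.include?(direction)
    raise InvalidSortParameter, "sort_order must be ASC or DESC"
  end
  "ORDER BY katello_products.#{column} #{direction}, katello_products.id DESC"
end

# True when the hardened builder refuses the pair (used by the tests).
def rejects?(sort_by, sort_order)
  safe_order_clause(sort_by, sort_order)
  false
rescue InvalidSortParameter
  true
end

# Detection side: a legitimate sort parameter is a bare identifier. Anything
# else (quotes, spaces, commas, parentheses) is worth a look in the logs.
def suspicious_sort_param?(value)
  !value.to_s.match?(/\A[A-Za-z_][A-Za-z0-9_]*\z/)
end

# Constructed access-log lines in an assumed "METHOD PATH STATUS" format.
SAMPLE_LOG = [
  "GET /katello/api/v2/organizations/1/products?search=&sort_by=name&sort_order=ASC 200",
  "GET /katello/api/v2/organizations/1/products?search=&sort_by=name&sort_order=ASC' 500",
  "GET /katello/api/v2/organizations/1/products?page=2 200"
].freeze

# Returns [line, [offending parameter names]] for each request whose sort
# parameters fall outside the identifier shape.
def flag_requests(log_lines)
  log_lines.filter_map do |line|
    path  = line.split(' ')[1].to_s
    query = path.split('?', 2)[1]
    next nil if query.nil?
    params = CGI.parse(query)
    bad = %w[sort_by sort_order].select do |key|
      params.fetch(key, []).any? { |v| suspicious_sort_param?(v) }
    end
    bad.empty? ? nil : [line, bad]
  end
end

if __FILE__ == $PROGRAM_NAME
  puts vulnerable_order_clause("name", "ASC'")
  puts safe_order_clause("name", "asc")
  flag_requests(SAMPLE_LOG).each { |line, keys| puts "flagged #{keys.join(',')}: #{line}" }
end
```

The hardened builder deliberately rejects rather than sanitizes: stripping quotes from a column name still lets arbitrary identifiers through, whereas an allow-list leaves the attacker no influence over the SQL text at all. The log check is a coarse triage aid; the application-side error rate on the affected endpoints is a second signal, since a failed injection attempt surfaces as the PG::Error shown above.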
Affected Software | Affected Version | How to fix |
---|---|---|
Katello | | |
The severity of REDHAT-BUG-1322050 is classified as high due to the potential for authenticated SQL injection.
To mitigate REDHAT-BUG-1322050, you should update Katello to the latest patched version that addresses this vulnerability.
REDHAT-BUG-1322050 affects the Katello project, specifically the versions that utilize scoped search parameters.
You can check for vulnerable systems by reviewing the version of Katello currently deployed and confirming it includes the fix for this SQL injection flaw.
The implications of REDHAT-BUG-1322050 include unauthorized access to sensitive data through SQL injection, which can lead to data breaches.