Back to bug 1322050
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Kurt Seifried | 2016-03-29 16:05:39 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-03-29 16:05:39 UTC | Doc Type | --- | Bug Fix |
| Kurt Seifried | 2016-03-29 16:18:14 UTC | Blocks | 1322054 | |
| Kurt Seifried | 2016-03-29 16:21:14 UTC | Depends On | 1321635 | |
| Kurt Seifried | 2016-03-29 17:07:09 UTC | Whiteboard | impact=important,public=no,reported=20160328,source=internet,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,cwe=CWE-89,rhn_satellite_6/katello=affected,sam-1/katello=affected | impact=important,public=no,reported=20160328,source=internet,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,cwe=CWE-89,rhn_satellite_6/katello=affected,sam-1/katello=notaffected |
| Clifford Perry | 2016-04-01 14:39:53 UTC | CC | cperry, taw | |
| Kurt Seifried | 2016-05-05 20:31:39 UTC | CC | jmatthew, tsanders | |
| Kurt Seifried | 2016-05-10 15:52:24 UTC | Doc Text | An input sanitization flaw was found in the the scoped search parameters sort_by and sort_order in the REST API. An authenticated user could use this flaw to perform an SQL injection attack on the Katello back end database. | |
| Martin Prpič | 2016-05-11 07:20:22 UTC | Doc Text | An input sanitization flaw was found in the the scoped search parameters sort_by and sort_order in the REST API. An authenticated user could use this flaw to perform an SQL injection attack on the Katello back end database. | An input sanitization flaw was found in the scoped search parameters sort_by and sort_order in the REST API. An authenticated user could use this flaw to perform an SQL injection attack on the Katello back end database. |
| Kurt Seifried | 2016-05-16 18:37:51 UTC | Whiteboard | impact=important,public=no,reported=20160328,source=internet,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,cwe=CWE-89,rhn_satellite_6/katello=affected,sam-1/katello=notaffected | impact=important,public=20160516,reported=20160328,source=internet,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,cwe=CWE-89,rhn_satellite_6/katello=affected,sam-1/katello=notaffected |
| Kurt Seifried | 2016-05-16 18:37:55 UTC | Summary | EMBARGOED CVE-2016-3072 Katello: Authenticated sql injection via sort_by and sort_order request parameter | CVE-2016-3072 Katello: Authenticated sql injection via sort_by and sort_order request parameter |
| Kurt Seifried | 2016-05-16 18:37:59 UTC | Group | security, qe_staff | |
| Kurt Seifried | 2016-06-01 19:34:11 UTC | Status | NEW | CLOSED |
| Kurt Seifried | 2016-06-01 19:34:11 UTC | Resolution | --- | ERRATA |
| Kurt Seifried | 2016-06-01 19:34:11 UTC | Last Closed | 2016-06-01 15:34:11 UTC | |
| Adam Mariš | 2016-06-28 14:53:37 UTC | Depends On | 1350803 | |
| Product Security DevOps Team | 2019-09-29 13:46:44 UTC | Whiteboard | impact=important,public=20160516,reported=20160328,source=internet,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,cwe=CWE-89,rhn_satellite_6/katello=affected,sam-1/katello=notaffected | |