Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Katello 安全绕过漏洞
Vulnerability Description
Katello 1.0版本和之前版本中存在漏洞,可被攻击者利用绕过某些安全限制。该漏洞源于安装脚本使用cookie生成的可预测令牌。攻击者可利用该漏洞绕过web接口身份验证机制并作为任意用户登录。
CVSS Information
N/A
Vulnerability Type
N/A