Nixpkgs security tracker

Login with GitHub

Suggestion detail

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-12515
4.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 2 days, 7 hours ago by @LeSuisse Activity log
  • Created suggestion 2 days, 11 hours ago
  • @LeSuisse dismissed (not in Nixpkgs) 2 days, 7 hours ago
Katello: missing repository authorization in content_uploads exposes cross-product content existence

A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the edit_products permission to query content information for repositories outside the products they were authorized to manage. An authenticated attacker could exploit this issue to determine whether specific content exists within repositories that should otherwise be inaccessible. This issue does not allow unauthorized modification, import, or publication of content.

References

Affected products

ctags
katello
rubygem-katello
satellite:el8/katello
satellite:el8/rubygem-katello

Matching in nixpkgs

pkgs.ctags

Tool for fast source code browsing (exuberant ctags)

  • nixos-unstable 816
    • nixpkgs-unstable 816
    • nixos-unstable-small 816
  • nixos-26.05 816
    • nixos-26.05-small 816
    • nixpkgs-26.05-darwin 816

Package maintainers