
CVE-2018-14623: katello SQL Injection vulnerability

CVSS Score: 4.3 (CVSS 3.0)

Basic Information

EPSS Score: 0.47778%
Published: 5/13/2022
Updated: 3/6/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Package Name   Ecosystem   Vulnerable Versions   First Patched Version
katello        rubygems    <= 3.10               (not listed)

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from an incomplete fix for CVE-2016-3072, which originally concerned the scoped_search helper's handling of user-controlled sorting parameters. The errata API endpoint (/katello/api/v2/errata) uses this helper to build its SQL queries, and a crafted 'sort_by' value is carried into the query text, so an authenticated caller can force a malformed statement. The resulting database error is exposed to the caller and discloses internal IDs (CWE-209), which matches the CVSS vector: network-reachable, low privileges required, confidentiality impact only. Both the history of the related CVE and the error-message leakage point to the same root cause: insufficient validation of the sort parameters before they are used in query construction.
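The pattern the analysis describes, as an added Ruby illustration that is not Katello's own code: a caller-supplied sort parameter interpolated straight into an ORDER BY clause, beside the allowlist-based fix a practitioner would apply. The table name, the column list, the helper names and the sample requests are all assumptions made for this example.

```ruby
# Added illustration (not Katello's code): an unvalidated sort parameter
# reaching ORDER BY, and the allowlist check that closes the hole.

# Constructed allowlists: columns the errata table is assumed to expose,
# and the only two sort directions SQL accepts.
ERRATA_SORTABLE = %w[id errata_id issued updated title severity].freeze
SORT_ORDERS     = %w[asc desc].freeze

class SortParamError < ArgumentError; end

# Vulnerable pattern: sort_by and sort_order are taken from the request and
# interpolated into the SQL text. Whatever the caller appends becomes SQL,
# so a nonsense value produces a malformed statement and a database error
# whose message (with the generated query) is what leaks to the client.
def vulnerable_errata_query(params, default_sort_by: "issued", default_order: "desc")
  sort_by    = params.fetch("sort_by", default_sort_by)
  sort_order = params.fetch("sort_order", default_order)
  "SELECT * FROM katello_errata ORDER BY #{sort_by} #{sort_order}"
end

# Hardened pattern: both values must be members of a fixed, application-owned
# allowlist. A value outside it is rejected before any SQL is built, so the
# parameter never influences the query text beyond choosing a known column.
def safe_errata_query(params, default_sort_by: "issued", default_order: "desc")
  sort_by    = params.fetch("sort_by", default_sort_by).to_s.downcase
  sort_order = params.fetch("sort_order", default_order).to_s.downcase
  raise SortParamError, "unsupported sort_by" unless ERRATA_SORTABLE.include?(sort_by)
  raise SortParamError, "unsupported sort_order" unless SORT_ORDERS.include?(sort_order)
  "SELECT * FROM katello_errata ORDER BY #{sort_by} #{sort_order}"
end

# Wrapper that maps the rejection to a status the controller can turn into
# an HTTP 400, instead of letting a database error surface as a 500 with
# the query text in it.
def safe_errata_query_result(params)
  [:ok, safe_errata_query(params)]
rescue SortParamError => e
  [:rejected, e.message]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed requests: one benign, one carrying a subquery in sort_by.
  benign  = { "sort_by" => "issued", "sort_order" => "desc" }
  hostile = { "sort_by" => "issued, (SELECT 1 FROM users WHERE id=1)--", "sort_order" => "desc" }

  puts vulnerable_errata_query(benign)
  puts vulnerable_errata_query(hostile)   # attacker text lands inside ORDER BY
  p safe_errata_query_result(benign)
  p safe_errata_query_result(hostile)     # [:rejected, "unsupported sort_by"]
end
```

The important design point is that the fix is an allowlist of column names, not escaping or quoting: identifiers in ORDER BY cannot be bound as parameters, so the only safe input is one the application already knows. Rejecting with a 400 also removes the error-message channel the original issue relied on.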

WAF Protection Rules

WAF Rule

A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072.
