2018-12-13 22:00:00
redhat
PUBLISHED
A SQL injection flaw was found in katellos errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable.