CVE-2026-12515 | A flaw was found in Katello's of Red Hat Satellite. A conten… | CVSS 4.3 MEDIUM

Description

A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the edit_products permission to query content information for repositories outside the products they were authorized to manage. An authenticated attacker could exploit this issue to determine whether specific content exists within repositories that should otherwise be inaccessible. This issue does not allow unauthorized modification, import, or publication of content.

Metadata

CVE ID: CVE-2026-12515
State: PUBLISHED
Assigner: redhat
Reserved: 2026-06-17 12:39 UTC
Published: 2026-06-17 15:34 UTC
Last updated: 2026-06-17 15:39 UTC
Primary CWE: CWE-862
Missing Authorization
Vendor / Product: Red Hat / Red Hat Hardened Images
Sources: cve.org · NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products (5)

Vendor	Product	Platform	Versions
Red Hat	Red Hat Hardened Images	—	—
Red Hat	Red Hat Satellite 6	—	—
Red Hat	Red Hat Satellite 6	—	—
Red Hat	Red Hat Satellite 6	—	—
Red Hat	Red Hat Satellite 6	—	—

Weakness (CWE)

CWE	Source	Description
CWE-862	cna	Missing Authorization

CVSS scores (1)

Score	Severity	Version	Source	Vector
4.3	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (3)