exploitDog

CVE-2013-2143

Опубликовано: 17 апр. 2014

Источник: nvd

CVSS2: 6.5

EPSS Средний

Описание

The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:network_satellite:-:*:*:*:*:*:*:*

cpe:2.3:a:theforeman:katello:*:*:*:*:*:*:*:*

Версия до 1.5.0-14 (включая)

EPSS

Процентиль: 98%

0.6343

Средний

6.5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2013-2143

redhat

почти 12 лет назад

The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

GHSA-rhwm-66gm-6j9v

github

больше 3 лет назад

The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

EPSS

Процентиль: 98%

0.6343

Средний

6.5 Medium

CVSS2

Дефекты

CWE-20