Описание
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Subscription Asset Manager | katello | Affected | ||
| Red Hat Satellite 6.0 | katello | Fixed | RHEA-2014:1175 | 10.09.2014 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-285
https://bugzilla.redhat.com/show_bug.cgi?id=991318Katello: CLI - user without access can call "system remove_deletion" command
4.9 Medium
CVSS2
Связанные уязвимости
CVSS3: 4.3
nvd
почти 8 лет назад
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.
CVSS3: 4.3
github
больше 3 лет назад
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.
4.9 Medium
CVSS2