Описание
The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.
It was discovered that various components in the luci site extension-related URLs were not properly restricted to administrative users. A remote, authenticated attacker could escalate their privileges to perform certain actions that should be restricted to administrative users, such as adding users and systems, and viewing log data.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | conga | Affected | ||
| Red Hat Enterprise Linux 6 | luci | Not affected | ||
| Red Hat Enterprise Linux 5 | conga | Fixed | RHSA-2014:1194 | 16.09.2014 |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS2
Связанные уязвимости
The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.
The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.
ELSA-2014-1194: conga security and bug fix update (MODERATE)
5.5 Medium
CVSS2