Lucene search
HistoryApr 17, 2014 - 2:55 p.m.
CVE-2013-2143
katello
red hat satellite
cve-2013-2143
access control
authorization bypass
remote authentication
6.7 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.748 High
EPSS
Percentile
98.2%
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
| CPE | Name | Operator | Version |
|---|---|---|---|
| redhat:network_satellite | redhat network satellite | eq | - |
| theforeman:katello | theforeman katello | le | 1.5.0-14 |
References
Social References
More
Related
packetstorm
packetstorm
Katello (Red Hat Satellite) users/update_roles Missing Authorization
2014-03-25 00:00:00
prion
prion
Authorization
2014-04-17 14:55:00
veracode
veracode
Privilege Escalation
2017-03-28 07:16:46
checkpoint_advisories
checkpoint_advisories
Katello update_roles Privilege Escalation (CVE-2013-2143)
2014-05-29 00:00:00
cvelist
cvelist
CVE-2013-2143
2014-04-17 14:00:00
zdt
zdt
Katello (Red Hat Satellite) users/update_roles Missing Authorization
2014-03-26 00:00:00
6.7 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.748 High
EPSS
Percentile
98.2%
Related for CVE-2013-2143