CVE-2013-2143

2014-04-17T10:55:05
ID CVE-2013-2143
Type cve
Reporter NVD
Modified 2014-04-17T11:57:43

Description

The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.