CVE-2013-2143

2014-04-17T14:55:00
ID CVE-2013-2143
Type cve
Reporter cve@mitre.org
Modified 2014-04-17T15:57:00

Description

The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.