Lucene search
K

5 matches found

Check Point Advisories
Check Point Advisories
added 2014/05/29 12:0 a.m.5 views

Katello update_roles Privilege Escalation (CVE-2013-2143)

A privilege escalation vulnerability has been reported in Katello. The vulnerability is due to a missing authorization at the "updateroles" action of "users" controller. A remote authenticated attacker may exploit this vulnerability to gain administrator privileges...

6.5CVSS6.7AI score0.48221EPSS
Exploits5
CVE
CVE
added 2014/04/17 2:0 p.m.59 views

CVE-2013-2143

Summary: CVE-2013-2143 records a privilege-escalation flaw in Katello 1.5.0-14 and earlier (and Red Hat Satellite) where the users controller’s update_roles action does not enforce authorization. This allows remote authenticated users to elevate a normal account to administrator by manipulating t...

6.5CVSS6.6AI score0.48221EPSS
Exploits5References4Affected Software2
Circl
Circl
added 2014/03/26 12:0 a.m.12 views

CVE-2013-2143

creationtimestamp| type| source ---|---|--- 2014-03-26 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/32515 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/katellosatelliteprivesc.rb 2025-02-06 03:13:41+00:00...

6.5CVSS5.7AI score0.48221EPSS
Exploits5References2
0day.today
0day.today
added 2014/03/26 12:0 a.m.43 views

Katello (Red Hat Satellite) users/update_roles Missing Authorization

This Metasploit module exploits a missing authorization vulnerability in the "updateroles" action of "users" controller of Katello and Red Hat Satellite Katello 1.5.0-14 and earlier by changing the specified account to an administrator account. This module requires Metasploit:...

6.5CVSS6.4AI score0.48221EPSS
Exploits5
Metasploit
Metasploit
added 2014/03/25 2:44 a.m.36 views

Katello (Red Hat Satellite) users/update_roles Missing Authorization

This module exploits a missing authorization vulnerability in the "updateroles" action of "users" controller of Katello and Red Hat Satellite Katello 1.5.0-14 and earlier by changing the specified account to an administrator account. This module requires Metasploit: https://metasploit.com/downloa...

6.5CVSS6.9AI score0.48221EPSS
Exploits5
Rows per page
Query Builder