Privilege Escalation

2019-01-1508:52:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

34.3%

JSON

The Luci in Red Hat Conga is vulnerable to privilege escalation. Storing usernames and passwords in __ac session cookies leads to incorrect session inactivity timeout and to get access to the user credential via the cookie.

CPENameOperatorVersion
congaeq0.12.2__24.el5
congaeq0.12.2__6.el5_4.1
congaeq0.12.1__7.el5
congaeq0.12.2__32.el5
congaeq0.12.1__7.3.el5_3
congaeq0.12.2__6.el5
congaeq0.12.2__51.el5
congaeq0.12.2__12.el5_5.4
congaeq0.12.2__24.el5_6.1
congaeq0.12.0__7.el5

Name	Operator	Version
conga	eq	0.12.2__24.el5
conga	eq	0.12.2__6.el5_4.1
conga	eq	0.12.1__7.el5
conga	eq	0.12.2__32.el5
conga	eq	0.12.1__7.3.el5_3
conga	eq	0.12.2__6.el5
conga	eq	0.12.2__51.el5
conga	eq	0.12.2__12.el5_5.4
conga	eq	0.12.2__24.el5_6.1
conga	eq	0.12.0__7.el5