3.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
34.3%
The Luci in Red Hat Conga is vulnerable to privilege escalation. Storing usernames and passwords in __ac
session cookies leads to incorrect session inactivity timeout and to get access to the user credential via the cookie.
rhn.redhat.com/errata/RHSA-2013-0128.html
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=607179
bugzilla.redhat.com/show_bug.cgi?id=832181
bugzilla.redhat.com/show_bug.cgi?id=832183
bugzilla.redhat.com/show_bug.cgi?id=832185
bugzilla.redhat.com/show_bug.cgi?id=835649
bugzilla.redhat.com/show_bug.cgi?id=839732
rhn.redhat.com/errata/RHSA-2013-0128.html