Lucene search

K

Veracode Vulnerability DatabaseVERACODE:14574

HistoryMay 02, 2019 - 4:53 a.m.

Authorization Bypass

2019-05-0204:53:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6

EPSS

0.001

Percentile

50.5%

conductor is vulnerable to authorization bypass. The web-based management console allowed unprivileged users to modify their quota for the number of instances they are allowed to run. An unprivileged user could use this flaw to monopolize resources and run more instances than intended.

References

rhn.redhat.com/errata/RHSA-2013-0545.html

access.redhat.com/knowledge/docs/

access.redhat.com/knowledge/docs/en-US/CloudForms/1.1/html/Installation_Guide/Updating_CloudForms_Cloud_Engine.html

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=895569

bugzilla.redhat.com/show_bug.cgi?id=903395

bugzilla.redhat.com/show_bug.cgi?id=903646

bugzilla.redhat.com/show_bug.cgi?id=903650

bugzilla.redhat.com/show_bug.cgi?id=903651

bugzilla.redhat.com/show_bug.cgi?id=906192

bugzilla.redhat.com/show_bug.cgi?id=912395

rhn.redhat.com/errata/RHSA-2013-0545.html

EPSS

0.001

Percentile

50.5%

Related for VERACODE:14574

cvelist1 nvd1 cve1 prion1