conductor is vulnerable to authorization bypass. The web-based management console allowed unprivileged users to modify their quota for the number of instances they are allowed to run. An unprivileged user could use this flaw to monopolize resources and run more instances than intended.
rhn.redhat.com/errata/RHSA-2013-0545.html
access.redhat.com/knowledge/docs/
access.redhat.com/knowledge/docs/en-US/CloudForms/1.1/html/Installation_Guide/Updating_CloudForms_Cloud_Engine.html
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=895569
bugzilla.redhat.com/show_bug.cgi?id=903395
bugzilla.redhat.com/show_bug.cgi?id=903646
bugzilla.redhat.com/show_bug.cgi?id=903650
bugzilla.redhat.com/show_bug.cgi?id=903651
bugzilla.redhat.com/show_bug.cgi?id=906192
bugzilla.redhat.com/show_bug.cgi?id=912395
rhn.redhat.com/errata/RHSA-2013-0545.html