PT-2013-1810 · Red Hat · Katello+1
Lukas Zapletal
·
Published
2013-01-04
·
Updated
2017-08-29
·
CVE-2012-5603
CVSS v2.0
5.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Red Hat CloudForms version 1.0
Description
The issue is related to the proxies controller.rb in Katello, where it does not properly check permissions. This allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the
consumer UUID of a system.Recommendations
For Red Hat CloudForms version 1.0, update to version 1.1 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Katello
Red Hat Cloudforms