PT-2014-2559 · Red Hat · Red Hat Satellite+1

Ramon De C Valle

Published

2014-04-17

Updated

2021-07-16

CVE-2013-2143

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Katello versions 1.5.0-14 and earlier Red Hat Satellite (affected versions not specified)

Description The issue concerns the users controller, which fails to check authorization for the update roles action. This allows remote authenticated users to gain privileges by setting a user account to an administrator account.

Recommendations For Katello versions 1.5.0-14 and earlier, consider disabling the update roles action until a patch is available. For Red Hat Satellite, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2013-2143

Affected Products

Katello

Red Hat Satellite

PT-2014-2559 · Red Hat · Red Hat Satellite+1

CVE-2013-2143

Weakness Enumeration

Related Identifiers

Affected Products

References · 8