CVSS2: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score: 6.6 Medium (Confidence: Low)
EPSS: 0.748 High (Percentile: 98.2%)
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
| CPE | Name | Operator | Version |
|---|---|---|---|
| redhat:network_satellite | redhat network satellite | eq | - |
| theforeman:katello | theforeman katello | le | 1.5.0-14 |