Lucene search
HistoryApr 17, 2014 - 2:55 p.m.
CVE-2013-2143
katello
red hat satellite
cve-2013-2143
access control
authorization bypass
remote authentication
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
Low
0.748 High
EPSS
Percentile
98.2%
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
Affected configurations
Node
redhatnetwork_satelliteMatch-
ORtheforemankatelloRange≤1.5.0-14
| CPE | Name | Operator | Version |
|---|---|---|---|
| redhat:network_satellite | redhat network satellite | eq | - |
| theforeman:katello | theforeman katello | le | 1.5.0-14 |
References
Social References
More
Related
prion
prion
Authorization
2014-04-17 14:55:00
nvd
nvd
CVE-2013-2143
2014-04-17 14:55:05
checkpoint_advisories
checkpoint_advisories
Katello update_roles Privilege Escalation (CVE-2013-2143)
2014-05-29 00:00:00
veracode
veracode
Privilege Escalation
2017-03-28 07:16:46
packetstorm
packetstorm
Katello (Red Hat Satellite) users/update_roles Missing Authorization
2014-03-25 00:00:00
zdt
zdt
Katello (Red Hat Satellite) users/update_roles Missing Authorization
2014-03-26 00:00:00
cvelist
cvelist
CVE-2013-2143
2014-04-17 14:00:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
Low
0.748 High
EPSS
Percentile
98.2%
Related for CVE-2013-2143