CVE-2013-2143 in Red Hat and Theforeman Products
Published on April 17, 2014
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
Products Associated with CVE-2013-2143
Red Hat Network Satellite and Theforeman Katello.
Exploit Probability
EPSS: 68.61%
Percentile: 98.60%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.