CVE-2012-5603
Katello: lack of authorization in proxies_controller.rb
Severity Score
5.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.
proxies_controller.rb en Katello en Red Hat CloudForms anterior a v1.1 no comprueba los permisos de forma adecuada, lo que permite a usuarios remotos autenticados leer certificados de consumidores o cambiar especificaciones de usuarios a través de vectores relacionados con el "consumer UUID"de un system.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-10-24 CVE Reserved
- 2012-12-04 CVE Published
- 2023-11-25 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/88140 | Vdb Entry | |
| http://osvdb.org/88142 | Vdb Entry | |
| http://www.securityfocus.com/bid/56819 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/80549 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2012-1543.html | 2017-08-29 | |
| http://rhn.redhat.com/errata/RHSA-2013-0544.html | 2017-08-29 | |
| http://secunia.com/advisories/51472 | 2017-08-29 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=882129 | 2013-02-21 | |
| https://access.redhat.com/security/cve/CVE-2012-5603 | 2013-02-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Cloudforms Search vendor "Redhat" for product "Cloudforms" | <= 1.0 Search vendor "Redhat" for product "Cloudforms" and version " <= 1.0" | - |
Affected
| ||||||