CVE-2012-5603

proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.

CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=882129
http://www.securityfocus.com/bid/56819
http://rhn.redhat.com/errata/RHSA-2012-1543.html	Vendor Advisory
http://osvdb.org/88142
http://secunia.com/advisories/51472	Vendor Advisory
http://osvdb.org/88140
http://rhn.redhat.com/errata/RHSA-2013-0544.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/80549

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:cloudforms:*:*:*:*:*:*:*:*

Information

Published : 2013-01-04 14:55

Updated : 2017-08-28 18:32

NVD link : CVE-2012-5603

Mitre link : CVE-2012-5603

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

redhat

cloudforms

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=882129", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=882129", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/56819", "name": "56819", "tags": [], "refsource": "BID"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1543.html", "name": "RHSA-2012:1543", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://osvdb.org/88142", "name": "88142", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/51472", "name": "51472", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/88140", "name": "88140", "tags": [], "refsource": "OSVDB"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "name": "RHSA-2013:0544", "tags": [], "refsource": "REDHAT"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80549", "name": "cloudforms-katello-sec-bypass(80549)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the \"consumer UUID\" of a system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-5603", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-01-04T22:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:cloudforms:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:32Z"}