CVE-2012-5603 — Redhat Cloudforms vulnerability

CWE-2645 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 51.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Cloudforms

Timeline

PublishedJan 4

Latest updateMay 17

Description

proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 8.0 | Impact: 4.9

Affected Packages1 packages

▶NVDredhat/cloudforms1.0

🔴Vulnerability Details

GHSA

GHSA-rgp9-vmqv-r74v: proxies_controller↗2022-05-17

▶

CVEList

CVE-2012-5603: proxies_controller↗2013-01-04

▶

📋Vendor Advisories

Red Hat

Katello: lack of authorization in proxies_controller.rb↗2012-12-04

▶

💬Community

Bugzilla

CVE-2012-5603 CloudForms Katello: lack of authorization in proxies_controller.rb↗2012-11-30

▶