CVE-2012-5603

proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.

CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://osvdb.org/88140
http://osvdb.org/88142
http://rhn.redhat.com/errata/RHSA-2012-1543.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0544.html
http://secunia.com/advisories/51472	Vendor Advisory
http://www.securityfocus.com/bid/56819
https://bugzilla.redhat.com/show_bug.cgi?id=882129
https://exchange.xforce.ibmcloud.com/vulnerabilities/80549

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:cloudforms:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-01-04 22:55

Updated : 2023-12-10 11:16

NVD link : CVE-2012-5603

Mitre link : CVE-2012-5603

CVE.ORG link : CVE-2012-5603

JSON object : View

Products Affected

redhat

cloudforms

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2012-5603", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-01-04T22:55:02.383", "references": [{"url": "http://osvdb.org/88140", "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/88142", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1543.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/51472", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/56819", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=882129", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80549", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the \"consumer UUID\" of a system."}, {"lang": "es", "value": "proxies_controller.rb en Katello en Red Hat CloudForms anterior a v1.1 no comprueba los permisos de forma adecuada, lo que permite a usuarios remotos autenticados leer certificados de consumidores o cambiar especificaciones de usuarios a trav\u00e9s de vectores relacionados con el \"consumer UUID\"de un system."}], "lastModified": "2017-08-29T01:32:43.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72189D15-3318-45CD-B37E-FD53E4422052", "versionEndIncluding": "1.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}