← back
CVE-2013-2143

CVE-2013-2143

50Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 48%
from disclosure to weapon0 days
Published on NVDApr 17
1st PoCMar 26
metasploitMar 24
exploitation probability
48%top 1% of all CVEs
observed exploitation
nono source reports it
3 public exploit(s)
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.