CVE-2013-2143
50Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 48%
from disclosure to weapon0 days
Published on NVDApr 17
1st PoCMar 26
metasploitMar 24
exploitation probability
48%top 1% of all CVEs
observed exploitation
nono source reports it
3 public exploit(s)
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/125866/Katello-Red-Hat-Satellite-users-update_roles-Missing-Authorization.htmlunverifiedcve_referencewww.exploit-db.com/exploits/32515unverifiedexploitdbwww.exploit-db.com/exploits/32515unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.