CVE-2012-5603
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
04/01/2013
Last modified:
11/04/2025
Description
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.
Impact
Base Score 2.0
5.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:redhat:cloudforms:*:*:*:*:*:*:*:* | 1.0 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/88140
- http://osvdb.org/88142
- http://rhn.redhat.com/errata/RHSA-2012-1543.html
- http://rhn.redhat.com/errata/RHSA-2013-0544.html
- http://secunia.com/advisories/51472
- http://www.securityfocus.com/bid/56819
- https://bugzilla.redhat.com/show_bug.cgi?id=882129
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80549
- http://osvdb.org/88140
- http://osvdb.org/88142
- http://rhn.redhat.com/errata/RHSA-2012-1543.html
- http://rhn.redhat.com/errata/RHSA-2013-0544.html
- http://secunia.com/advisories/51472
- http://www.securityfocus.com/bid/56819
- https://bugzilla.redhat.com/show_bug.cgi?id=882129
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80549