Vulnerability Description
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Cloudforms | <= 1.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/88140
- http://osvdb.org/88142
- http://rhn.redhat.com/errata/RHSA-2012-1543.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0544.html
- http://secunia.com/advisories/51472Vendor Advisory
- http://www.securityfocus.com/bid/56819
- https://bugzilla.redhat.com/show_bug.cgi?id=882129
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80549
- http://osvdb.org/88140
- http://osvdb.org/88142
- http://rhn.redhat.com/errata/RHSA-2012-1543.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0544.html
- http://secunia.com/advisories/51472Vendor Advisory
- http://www.securityfocus.com/bid/56819
- https://bugzilla.redhat.com/show_bug.cgi?id=882129
FAQ
What is CVE-2012-5603?
CVE-2012-5603 is a vulnerability with a CVSS score of 5.5 (MEDIUM). proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' ...
How severe is CVE-2012-5603?
CVE-2012-5603 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5603?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Cloudforms.