Published: 25/08/2012 Updated: 13/02/2024

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

The installation script in Katello 1.0 and previous versions does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote malicious users to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.

Vulnerable Product	Search on Vulmon	Subscribe to Product
theforeman katello
redhat enterprise linux server 6.0

Synopsis Important: katello security update Type/Severity Security Advisory: Important Topic Updated katello packages that fix one security issue are now available forRed Hat Subscription Asset ManagerThe Red Hat Security Response Team has rated this update as havingimportant security impact A Common Vuln ...

CWE-798 http://rhn.redhat.com/errata/RHSA-2012-1186.html https://github.com/Katello/katello/pull/499 https://github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3 http://www.securityfocus.com/bid/55140 http://rhn.redhat.com/errata/RHSA-2012-1187.html http://secunia.com/advisories/50344 https://access.redhat.com/errata/RHSA-2012:1187 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-3503

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect