The users controller in Katello 1.5.0-14 and previous versions, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat network satellite - |
||
theforeman katello |