Katello.USERS.update_roles.Privilege.Escalation

description-logoDescription

This indicates an attack attempt to exploit an Elevation of Privilege vulnerability in Katello and in Red Hat Satellite.
The vulnerability is due to an error when the vulnerable server handles a maliciously crafted HTTP request. Remote authenticated attackers may be able to exploit this to escalate their privilege on vulnerable systems.

affected-products-logoAffected Products

katello version 1.5.0-14 and prior

Impact logoImpact

Privilege Escalation: Remote attackers can leverage their privileges on vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://theforeman.org/plugins/katello/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-06-19 14.635 Default_action:pass:drop
2019-06-07 14.628

References

32515