Intrusion Prevention

Katello.USERS.update_roles.Privilege.Escalation

Description

This indicates an attempt to exploit an elevation of privilege vulnerability in Katello and in Red Hat Satellite.
The vulnerability is due to an error when the vulnerable server handles a maliciously crafted HTTP request. Remote authenticated attackers may be able to exploit this to escalate their privileges on vulnerable systems.

Affected Products

Katello version 1.5.0-14 and prior

Impact

Privilege Escalation: Remote authenticated attackers can escalate their privileges on vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://theforeman.org/plugins/katello/

CVE References

CVE-2013-2143

Other References

32515