Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Red Hat CloudForms 安全绕过漏洞
Vulnerability Description
Red Hat CloudForms是美国红帽(Red Hat)公司的一套laaS(基础设施即服务)云服务解决方案。该解决方案可创建、管理私有和公共云,并具备对应用程序生命周期的管理能力。 Red Hat CloudForms 1.1之前版本中的Katello中的proxies_controller.rb中存在漏洞,该漏洞源于没有正确校验权限。通过与系统的‘consumer UUID’相关未明向量,远程认证攻击者利用该漏洞读取consumer证书或修改任意用户的设置。
CVSS Information
N/A
Vulnerability Type
N/A