VYPR
Unrated severity · NVD Advisory · Published Apr 17, 2014 · Updated Jun 16, 2026

CVE-2013-2143

Description

The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

Affected products

4
  • Red Hat/Satellite: 2 versions
    • cpe:2.3:a:redhat:network_satellite:-:*:*:*:*:*:*:*
    • (no CPE)
  • cpe:2.3:a:theforeman:katello:*:*:*:*:*:*:*:*
    • cpe:2.3:a:theforeman:katello:*:*:*:*:*:*:*:* (range: <=1.5.0-14)
    • (no CPE) (range: <=1.5.0-14)
