CVE-2012-5603 Information

Description

proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions which allows remote authenticated users to read consumer certificates or change arbitrary users’ settings via unspecified vectors related to the \consumer UUID\ of a system.

Reference

http://osvdb.org/88140 http://osvdb.org/88142 http://rhn.redhat.com/errata/RHSA-2012-1543.html http://rhn.redhat.com/errata/RHSA-2013-0544.html http://secunia.com/advisories/51472 http://www.securityfocus.com/bid/56819 https://bugzilla.redhat.com/show_bug.cgi?id=882129 https://exchange.xforce.ibmcloud.com/vulnerabilities/80549