What is CVE-2013-2143?

CVE-2013-2143 is a vulnerability in Theforeman Katello, classified under Improper Input Validation. Published 2014-04-17.

Is CVE-2013-2143 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Theforeman Katello

CVE-2013-2143

The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.615 (98.4th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

32515 (Exploit, exploit, x_refsource_EXPLOIT-DB)
secalert@redhat.com (Exploit, x_refsource_MISC)
66434 (Exploit, vdb-entry, x_refsource_BID)
104981 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2013-2143?: CVE-2013-2143 is a vulnerability in Theforeman Katello, classified under Improper Input Validation. Published 2014-04-17.
Is CVE-2013-2143 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.