Full title: Katello (Red Hat Satellite) users/update_roles Missing Authorization 
Category: remote exploits
Platform: linux
This Metasploit module exploits a missing authorization vulnerability in the "update_roles" action of "users" controller of Katello and Red Hat Satellite (Katello 1.5.0-14 and earlier) by changing the specified account to an administrator account.

# 0day.today @ http://0day.today/