What is the severity of CVE-2012-6118?

CVE-2012-6118 has been classified as a medium severity vulnerability.

How do I fix CVE-2012-6118?

To fix CVE-2012-6118, it is recommended to update Aeolus Conductor to the latest version provided by the vendor.

What impact does CVE-2012-6118 have on Aeolus Conductor?

CVE-2012-6118 allows an unprivileged user to change their Maximum Running Instances quota, potentially leading to resource abuse.

Which versions of Aeolus Conductor are affected by CVE-2012-6118?

CVE-2012-6118 affects all versions of Red Hat Aeolus Conductor prior to the fix provided in the updated release.

Who discovered CVE-2012-6118?

CVE-2012-6118 was discovered by Tomas Sedovic and reported to the private aeolus-security mailing list.

Vulnerability/
CVE-2012-6118

medium

5.5

CWE

264

31/1/2013

12/3/2013

6/8/2024

CVE-2012-6118

First published: Thu Jan 31 2013(Updated: )

*** Reported by Tomas Sedovic to the private aeolus-security mailing list *** Tomas Sedovic discovered a security issue with Aeolus Conductor. Tested on master (e4d068b8d97906bf073dc20cbff895a10c3151e1). An unprivileged user is able to change their Maximum Running Instances quota on their user account page. Steps to reproduce: 1. As an admin, create a new user "John Doe" with default permissions and quota 3 2. Logout 3. Log in as the newly created user 4. Select the "Administer" tab 5. Press the "Edit" button below Username 6. Verify that "Maximum Running Instances" quota is set to "3" 7. Change the quota to 10000 8. Press "Update User" Expected: the quota will remain "3" Actual: jdoe's quota is now set to "10000" That the change is real can be verified by logging as an Admin again and going to the Users page.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Red Hat Aeolus Conductor

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-6118?
CVE-2012-6118 has been classified as a medium severity vulnerability.
How do I fix CVE-2012-6118?
To fix CVE-2012-6118, it is recommended to update Aeolus Conductor to the latest version provided by the vendor.
What impact does CVE-2012-6118 have on Aeolus Conductor?
CVE-2012-6118 allows an unprivileged user to change their Maximum Running Instances quota, potentially leading to resource abuse.
Which versions of Aeolus Conductor are affected by CVE-2012-6118?
CVE-2012-6118 affects all versions of Red Hat Aeolus Conductor prior to the fix provided in the updated release.
Who discovered CVE-2012-6118?
CVE-2012-6118 was discovered by Tomas Sedovic and reported to the private aeolus-security mailing list.

agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2012-6118
agent/author
agent/last-modified-date
agent/severity
agent/weakness
agent/references
agent/description
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/redhat
canonical/red hat aeolus conductor

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.