A flaw was found in the way cumin enforced user roles, allowing an unprivileged cumin user to access a range of resources without having the appropriate role. A remote, authenticated attacker could use this flaw to access privileged information and perform a variety of privileged operations.
Acknowledgements: This issue was discovered by Tomáš Nováčik of the Red Hat MRG Quality Engineering team.
*** Bug 995016 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: MRG for RHEL-6 v.2, via RHSA-2013:1852 https://rhn.redhat.com/errata/RHSA-2013-1852.html
This issue has been addressed in the following products: MRG for RHEL-5 v. 2, via RHSA-2013:1851 https://rhn.redhat.com/errata/RHSA-2013-1851.html