This Metasploit module exploits a missing authorization vulnerability in the "update_roles" action of "users" controller of Katello and Red Hat Satellite (Katello 1.5.0-14 and earlier) by changing the specified account to an administrator account.
e0371216c7f1d8860897ca9e5f3d083fc1371c2aca741321b8cb6ff295f73dbf