CVE-2020-25716 – Cloudforms: Incomplete fix for CVE-2020-10783
https://notcve.org/view.php?id=CVE-2020-25716
A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=1898525 https://access.redhat.com/security/cve/CVE-2020-25716 • CWE-284: Improper Access Control CWE-285: Improper Authorization •
CVE-2020-14369 – CloudForms: Cross Site Request Forgery in API notifications
https://notcve.org/view.php?id=CVE-2020-14369
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth. Esta versión corrige una vulnerabilidad de tipo Cross Site Request Forgery que se encontró en Red Hat CloudForms que forza a los usuarios finales a ejecutar acciones no deseadas en una aplicación web en la que el usuario está actualmente autenticado. Un atacante puede hacer una petición HTTP falsificada al servidor al diseñar un archivo flash personalizado que puede obligar al usuario a llevar a cabo una petición de cambio de estado, como aprovisionar máquinas virtuales, ejecutando libros de jugadas de ansible, etc • https://bugzilla.redhat.com/show_bug.cgi?id=1871921 https://access.redhat.com/security/cve/CVE-2020-14369 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-14325 – CloudForms: User Impersonation in the API for OIDC and SAML
https://notcve.org/view.php?id=CVE-2020-14325
Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator. Red Hat CloudForms versiones anteriores a 5.11.7.0, era vulnerable a un fallo de autorización de Suplantación de Usuario que permite a un atacante malicioso crear un usuario de control de acceso basado en roles existente y no existente, con grupos y roles. Con un grupo seleccionado de EvmGroup-super_administrator, un atacante puede llevar a cabo cualquier petición de la API como superadministrador A vulnerability was found in Red Hat CloudForms which allows a malicious attacker to impersonate any user or create a non-existent user with any entitlement in the appliance and perform an API request. • https://access.redhat.com/security/cve/cve-2020-14325 https://bugzilla.redhat.com/show_bug.cgi?id=1855739 https://access.redhat.com/security/cve/CVE-2020-14325 • CWE-285: Improper Authorization •
CVE-2018-10905 – cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root
https://notcve.org/view.php?id=CVE-2018-10905
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user. CloudForms Management Engine (cfme) es vulnerable a una opción de seguridad incorrecta en el componente dRuby de CloudForms. Un atacante con acceso a un shell local sin privilegios podría emplear este error para ejecutar comandos como usuario con altos privilegios. CloudForms Management Engine has a vulnerability that allows local users to execute arbitrary commands as root. • https://access.redhat.com/errata/RHSA-2018:2561 https://access.redhat.com/errata/RHSA-2018:2745 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10905 https://access.redhat.com/security/cve/CVE-2018-10905 https://bugzilla.redhat.com/show_bug.cgi?id=1602190 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-284: Improper Access Control •
CVE-2018-3760 – rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary files
https://notcve.org/view.php?id=CVE-2018-3760
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. Existe una vulnerabilidad de fuga de información en Sprockets. • https://github.com/mpgn/CVE-2018-3760 https://github.com/cyberharsh/Ruby-On-Rails-Path-Traversal-Vulnerability-CVE-2018-3760- https://access.redhat.com/errata/RHSA-2018:2244 https://access.redhat.com/errata/RHSA-2018:2245 https://access.redhat.com/errata/RHSA-2018:2561 https://access.redhat.com/errata/RHSA-2018:2745 https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5fhttps://github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441https://github.com/rails/sproc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •