35 results (0.016 seconds)

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x. Una configuración no segura para la verificación de certificados (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) puede conllevar a una omisión de verificación en Red Hat CloudForms versión 5.x • https://bugzilla.redhat.com/show_bug.cgi?id=1151208 • CWE-295: Improper Certificate Validation •

CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0

Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities. Red Hat CloudForms versiones 4.7 y 5, está afectado por un fallo de inyección CSV, una carga útil diseñada permanece inactiva hasta que una víctima la exporta como CSV y abre el archivo con Excel. Una vez que la víctima abre el archivo, la fórmula es ejecutada, desencadenando cualquier número de posibles eventos. • https://access.redhat.com/security/cve/cve-2020-10780 https://bugzilla.redhat.com/show_bug.cgi?id=1847794 https://access.redhat.com/security/cve/CVE-2020-10780 • CWE-20: Improper Input Validation CWE-1236: Improper Neutralization of Formula Elements in a CSV File •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible. Red Hat CloudForms versiones 4.7 y 5, era vulnerable a un fallo de tipo Server-Side Request Forgery (SSRF). Con el acceso para agregar el proveedor de Ansible Tower, un atacante podría escanear y atacar sistemas desde la red interna que normalmente no son accesibles A Server-Side Request Forgery flaw was found in Red Hat CloudForms where malicious requests can be sent from the vulnerable server. An attacker with the privileges to add Ansible Tower provider could inject URLs with port details or with internal IPs to observe internal network. • https://access.redhat.com/security/cve/cve-2020-14296 https://bugzilla.redhat.com/show_bug.cgi?id=1847860 https://access.redhat.com/security/cve/CVE-2020-14296 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out of band OS command injection vulnerability can be exploited by authenticated attacker while setuping conversion host through Infrastructure Migration Solution. This flaw allows attacker to execute arbitrary commands on CloudForms server. Se encontró una vulnerabilidad de alta gravedad en todas las versiones activas de Red Hat CloudForms versiones anteriores a 5.11.7.0. La vulnerabilidad de inyección de comandos del Sistema Operativo fuera de banda puede ser explotada por parte de un atacante autenticado mientras configura el host de conversión por medio de Infrastructure Migration Solution. • https://access.redhat.com/security/cve/cve-2020-14324 https://bugzilla.redhat.com/show_bug.cgi?id=1855713 https://access.redhat.com/security/cve/CVE-2020-14324 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 3.9EPSS: 0%CPEs: 9EXPL: 0

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. Se detectó un fallo en Ansible Engine, cuando el paquete o servicio del módulo es usado y el parámetro "use" no es especificado. Si una tarea anterior es ejecutada con un usuario malicioso, el módulo enviado puede ser seleccionado por parte del atacante usando el archivo de datos de ansible. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738 https://github.com/ansible/ansible/issues/67796 https://security.gentoo.org/glsa/202006-11 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •