CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2017-12148 – Tower: modification of git hooks in SCM repo via upstream playbook execution
https://notcve.org/view.php?id=CVE-2017-12148
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as. Se ha encontrado un fallo en la interfaz de Ansible Tower en versiones anteriores a la 3.1.5 y 3.2.0 con repositorios SCM. Si la definición de un proyecto de Tower (repositorio SCM) no tiene el flag "delete before update" marcado, un atacante con acceso commit al repositorio de origen del playbook upstream podría crear un playbook troyano que, cuando es ejecutado por Tower, modifique el repositorio SCM comprobado para añadiir hooks git. • https://access.redhat.com/errata/RHSA-2017:3005 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148 https://access.redhat.com/security/cve/CVE-2017-12148 https://bugzilla.redhat.com/show_bug.cgi?id=1485474 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7813
https://notcve.org/view.php?id=CVE-2014-7813
Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols. Red Hat CloudForms 3 Management Engine (CFME) permite que usuarios autenticados remotos provoquen una denegación de servicio (consumo de recursos) mediante vectores que implican llamadas a la función de Rails .to_sym y la falta de recolección de elementos no utilizados de símbolos insertados. • https://bugzilla.redhat.com/show_bug.cgi?id=1157872 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.0EPSS: 97%CPEs: 18EXPL: 3CVE-2017-11610 – Supervisor 3.0a1 < 3.3.2 - XML-RPC (Authenticated) Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-11610
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. El servidor XML-RPC en supervisor en versiones anteriores a la 3.0.1, 3.1.x en versiones anteriores a la 3.1.4, 3.2.x en versiones anteriores a la 3.2.4, y 3.3.x en versiones anteriores a la 3.3.3 permite que atacantes remotos autenticados ejecuten comandos arbitrarios mediante una petición XML-RPC, relacionada con búsquedas de espacio de nombres supervisor anidados. A vulnerability was found in the XML-RPC interface in supervisord. When processing malformed commands, an attacker can cause arbitrary shell commands to be executed on the server as the same user as supervisord. Exploitation requires the attacker to first be authenticated to the supervisord service. • https://www.exploit-db.com/exploits/42779 https://github.com/yaunsky/CVE-2017-11610 https://github.com/ivanitlearning/CVE-2017-11610 http://www.debian.org/security/2017/dsa-3942 https://access.redhat.com/errata/RHSA-2017:3005 https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt https://github.com/Supervisor/supervisor/blob/3.3. • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-7530 – cfme: Execution of arbitrary methods through filter param
https://notcve.org/view.php?id=CVE-2017-7530
In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs). En CloudForms Management Engine (cfme) en versiones anteriores a la 5.7.3 y versiones 5.8.x anteriores a la 5.8.1, se ha detectado que falta la comprobación de privilegios cuando se invocan métodos arbitrarios filtrando las máquinas virtuales que MiqExpression va a ejecutar. Esta condición puede ser desencadenada por los usuarios de la API. Un atacante podría utilizarlo para ejecutar acciones para las que no debería estar autorizado (por ejemplo, destruir máquinas virtuales). • http://www.securityfocus.com/bid/100151 https://access.redhat.com/errata/RHSA-2017:1758 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7530 https://access.redhat.com/security/cve/CVE-2017-7530 https://bugzilla.redhat.com/show_bug.cgi?id=1465448 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2664 – CloudForms: lack of RBAC on various methods in web UI
https://notcve.org/view.php?id=CVE-2017-2664
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges. CloudForms Management Engine (cfme) en versiones anteriores a la 5.7.3 y 5.8.x anteriores a la 5.8.1 carece de controles RBAC en determinados métodos en la parte de la aplicación rails de CloudForms. Un atacante con acceso podría utilizar una variedad de métodos en la parte de la aplicación rails de CloudForms para escalar privilegios. CloudForms lacks RBAC controls on certain methods in the rails application portion of CloudForms. • http://www.securityfocus.com/bid/100148 https://access.redhat.com/errata/RHSA-2017:1758 https://access.redhat.com/errata/RHSA-2017:3484 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2664 https://access.redhat.com/security/cve/CVE-2017-2664 https://bugzilla.redhat.com/show_bug.cgi?id=1435393 • CWE-284: Improper Access Control •