CVE-2020-10783 – CloudForms: Missing access control leads to escalation of admin group privileges
https://notcve.org/view.php?id=CVE-2020-10783
Red Hat CloudForms 4.7 and 5 are affected by a role-based privilege escalation flaw. An attacker in the EVM-Operator group can perform actions restricted to the EVM-Super-administrator group, leading to the export or import of administrator files. A role-based privilege escalation flaw was found in Red Hat CloudForms where export or import of administrator files was possible. An attacker in the EVM-Operator group can perform actions restricted to the system administrator. Refer to CVE-2020-25716 for the remaining RBAC group fixes.
• https://access.redhat.com/security/cve/cve-2020-10783 https://bugzilla.redhat.com/show_bug.cgi?id=1847811 https://access.redhat.com/security/cve/CVE-2020-10783
• CWE-284: Improper Access Control
CVE-2020-14325 – CloudForms: User Impersonation in the API for OIDC and SAML
https://notcve.org/view.php?id=CVE-2020-14325
Red Hat CloudForms before 5.11.7.0 was vulnerable to a user impersonation authorization flaw that allows a malicious attacker to create existent and non-existent role-based access control users, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator. A vulnerability was found in Red Hat CloudForms which allows a malicious attacker to impersonate any user or create a non-existent user with any entitlement in the appliance and perform an API request.
• https://access.redhat.com/security/cve/cve-2020-14325 https://bugzilla.redhat.com/show_bug.cgi?id=1855739 https://access.redhat.com/security/cve/CVE-2020-14325
• CWE-285: Improper Authorization
CVE-2014-0197 – CFME: CSRF protection vulnerability in referrer header
https://notcve.org/view.php?id=CVE-2014-0197
CFME: CSRF protection vulnerability via permissive check of the referrer header.
• https://access.redhat.com/security/cve/cve-2014-0197 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0197 https://access.redhat.com/security/cve/CVE-2014-0197 https://bugzilla.redhat.com/show_bug.cgi?id=1092875
• CWE-285: Improper Authorization; CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-4423
https://notcve.org/view.php?id=CVE-2013-4423
CloudForms stores user passwords in a recoverable format.
• https://access.redhat.com/security/cve/cve-2013-4423 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4423
• CWE-522: Insufficiently Protected Credentials
CVE-2013-0186 – EVM: Stored XSS
https://notcve.org/view.php?id=CVE-2013-0186
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• https://access.redhat.com/errata/RHSA-2014:0215 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0186 https://access.redhat.com/security/cve/CVE-2013-0186 https://bugzilla.redhat.com/show_bug.cgi?id=895346
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')