CVE-2020-10783 – CloudForms: Missing access control leads to escalation of admin group privileges
https://notcve.org/view.php?id=CVE-2020-10783
Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files. Red Hat CloudForms versiones 4.7 y 5, está afectado por un fallo de escalada de privilegios basada en roles. Un atacante con grupo EVM-Operador puede llevar a cabo acciones restringidas solo para el grupo EVM-Super-administrador, conlleva a, exportar o importar archivos de administrador A role-based privileges escalation flaw was found in Red Hat CloudForms where export or import of administrator files was possible. An attacker with EVM-Operator group can perform actions restricted only to system administrator. Refer CVE-2020-25716 for remaining RBAC group fixes. • https://access.redhat.com/security/cve/cve-2020-10783 https://bugzilla.redhat.com/show_bug.cgi?id=1847811 https://access.redhat.com/security/cve/CVE-2020-10783 • CWE-284: Improper Access Control •
CVE-2020-10778 – CloudForms: Business logic bypass through widgets
https://notcve.org/view.php?id=CVE-2020-10778
In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior. En Red Hat CloudForms versiones 4.7 y 5, los widgets de solo lectura pueden ser editados inspeccionando los formularios y eliminando el atributo deshabilitado desde los campos, ya que no existe comprobación del lado del servidor. Este fallo de lógica de negocios viola el comportamiento esperado A business logic flaw was found in Red Hat CloudForms where the read-only values of the Widgets could be altered. An attacker with low privileges could bypass server-side validation by dropping the disabled attribute from the fields. • https://access.redhat.com/security/cve/cve-2020-10778 https://bugzilla.redhat.com/show_bug.cgi?id=1847628 https://access.redhat.com/security/cve/CVE-2020-10778 • CWE-669: Incorrect Resource Transfer Between Spheres CWE-863: Incorrect Authorization •
CVE-2019-16892 – cfme: rubygem-rubyzip denial of service via crafted ZIP file
https://notcve.org/view.php?id=CVE-2019-16892
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption). En Rubyzip versiones anteriores a 1.3.0, un archivo ZIP diseñado puede omitir las comprobaciones de la aplicación en los tamaños de entrada ZIP porque los datos sobre el tamaño sin comprimir pueden ser falsificados. Esto permite a atacantes causar una denegación de servicio (consumo de disco). A vulnerability in Rubyzip, versions prior to 1.3.0, allows a crafted ZIP file to bypass application checks on ZIP entry sizes. • https://access.redhat.com/errata/RHBA-2019:4047 https://access.redhat.com/errata/RHSA-2019:4201 https://github.com/rubyzip/rubyzip/commit/d65fe7bd283ec94f9d6dc7605f61a6b0dd00f55e https://github.com/rubyzip/rubyzip/pull/403 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J45KSFPP6DFVWLC7Z73L7SX735CKZYO6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWWPORMSBHZTMP4PGF4DQD22TTKBQMMC https://lists.fedoraproject.org/archives/list/package-announce%40l • CWE-400: Uncontrolled Resource Consumption •