CVE-2017-11610 – Supervisor 3.0a1 < 3.3.2 - XML-RPC (Authenticated) Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-11610
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. El servidor XML-RPC en supervisor en versiones anteriores a la 3.0.1, 3.1.x en versiones anteriores a la 3.1.4, 3.2.x en versiones anteriores a la 3.2.4, y 3.3.x en versiones anteriores a la 3.3.3 permite que atacantes remotos autenticados ejecuten comandos arbitrarios mediante una petición XML-RPC, relacionada con búsquedas de espacio de nombres supervisor anidados. A vulnerability was found in the XML-RPC interface in supervisord. When processing malformed commands, an attacker can cause arbitrary shell commands to be executed on the server as the same user as supervisord. Exploitation requires the attacker to first be authenticated to the supervisord service. • https://www.exploit-db.com/exploits/42779 https://github.com/yaunsky/CVE-2017-11610 https://github.com/ivanitlearning/CVE-2017-11610 http://www.debian.org/security/2017/dsa-3942 https://access.redhat.com/errata/RHSA-2017:3005 https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt https://github.com/Supervisor/supervisor/blob/3.3. • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-276: Incorrect Default Permissions •
CVE-2017-7530 – cfme: Execution of arbitrary methods through filter param
https://notcve.org/view.php?id=CVE-2017-7530
In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs). En CloudForms Management Engine (cfme) en versiones anteriores a la 5.7.3 y versiones 5.8.x anteriores a la 5.8.1, se ha detectado que falta la comprobación de privilegios cuando se invocan métodos arbitrarios filtrando las máquinas virtuales que MiqExpression va a ejecutar. Esta condición puede ser desencadenada por los usuarios de la API. Un atacante podría utilizarlo para ejecutar acciones para las que no debería estar autorizado (por ejemplo, destruir máquinas virtuales). • http://www.securityfocus.com/bid/100151 https://access.redhat.com/errata/RHSA-2017:1758 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7530 https://access.redhat.com/security/cve/CVE-2017-7530 https://bugzilla.redhat.com/show_bug.cgi?id=1465448 • CWE-862: Missing Authorization •
CVE-2017-2664 – CloudForms: lack of RBAC on various methods in web UI
https://notcve.org/view.php?id=CVE-2017-2664
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges. CloudForms Management Engine (cfme) en versiones anteriores a la 5.7.3 y 5.8.x anteriores a la 5.8.1 carece de controles RBAC en determinados métodos en la parte de la aplicación rails de CloudForms. Un atacante con acceso podría utilizar una variedad de métodos en la parte de la aplicación rails de CloudForms para escalar privilegios. CloudForms lacks RBAC controls on certain methods in the rails application portion of CloudForms. • http://www.securityfocus.com/bid/100148 https://access.redhat.com/errata/RHSA-2017:1758 https://access.redhat.com/errata/RHSA-2017:3484 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2664 https://access.redhat.com/security/cve/CVE-2017-2664 https://bugzilla.redhat.com/show_bug.cgi?id=1435393 • CWE-284: Improper Access Control •
CVE-2016-7047 – cfme: API leaks any MiqReportResult
https://notcve.org/view.php?id=CVE-2016-7047
A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access. Se ha detectado un error en la API CloudForms en versiones anteriores a las 5.6.3.0, 5.7.3.1 y 5.8.1.2. Un usuario con permisos para emplear la funcionalidad MiqReportResults en la API podría ver datos de otros inquilinos o grupos a los que no debería tener acceso. A flaw was found in the CloudForms API. • http://www.securityfocus.com/bid/99329 https://access.redhat.com/errata/RHSA-2017:1601 https://access.redhat.com/errata/RHSA-2017:1758 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7047 https://access.redhat.com/security/cve/CVE-2016-7047 https://bugzilla.redhat.com/show_bug.cgi?id=1374215 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-2639 – CloudForms: cloudforms fails to properly check certificates when communicating with RHEV and OpenShift and custom CA
https://notcve.org/view.php?id=CVE-2017-2639
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms. Se ha detectado que CloudForms no verifica que el nombre de host del servidor coincida con el nombre de dominio en el certificado cuando se utiliza una CA personalizada y se comunica con Red Hat Virtualization (RHEV) y OpenShift. Esto permitiría a un atacante falsificar sistemas RHEV u OpenShift y potencialmente obtener información sensible de CloudForms. • http://www.securityfocus.com/bid/98769 http://www.securitytracker.com/id/1038599 https://access.redhat.com/errata/RHSA-2017:1367 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639 https://access.redhat.com/security/cve/CVE-2017-2639 https://bugzilla.redhat.com/show_bug.cgi?id=1429632 • CWE-295: Improper Certificate Validation •