CVE-2020-25716 – Cloudforms: Incomplete fix for CVE-2020-10783
https://notcve.org/view.php?id=CVE-2020-25716
A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=1898525 https://access.redhat.com/security/cve/CVE-2020-25716 • CWE-284: Improper Access Control CWE-285: Improper Authorization •
CVE-2020-14369 – CloudForms: Cross Site Request Forgery in API notifications
https://notcve.org/view.php?id=CVE-2020-14369
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth. Esta versión corrige una vulnerabilidad de tipo Cross Site Request Forgery que se encontró en Red Hat CloudForms que forza a los usuarios finales a ejecutar acciones no deseadas en una aplicación web en la que el usuario está actualmente autenticado. Un atacante puede hacer una petición HTTP falsificada al servidor al diseñar un archivo flash personalizado que puede obligar al usuario a llevar a cabo una petición de cambio de estado, como aprovisionar máquinas virtuales, ejecutando libros de jugadas de ansible, etc • https://bugzilla.redhat.com/show_bug.cgi?id=1871921 https://access.redhat.com/security/cve/CVE-2020-14369 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-10779 – CloudForms: Missing functional level access control & IDOR lead to compromise
https://notcve.org/view.php?id=CVE-2020-10779
Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms. Red Hat CloudForms versiones 4.7 y 5, conlleva a una referencia directa a objeto no segura (IDOR) y a una omisión de control de acceso de nivel funcional debido a una falta de comprobación de privilegios. Por lo tanto, si un atacante conoce los criterios correctos, es posible acceder a algunos datos confidenciales dentro de CloudForms A flaw was found in Red Hat CloudForms where sensitive data would have been possibly leaked for other existing roles. An attacker with low privilege could make use of EVM-Admin API if certain criteria is met since there was no privilege check on feature. • https://access.redhat.com/security/cve/cve-2020-10779 https://bugzilla.redhat.com/show_bug.cgi?id=1847647 https://access.redhat.com/security/cve/CVE-2020-10779 • CWE-284: Improper Access Control CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2020-10777 – CloudForms: Cross Site Scripting in report menu title / HTML Code Injection
https://notcve.org/view.php?id=CVE-2020-10777
A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Se encontró un fallo de tipo cross-site scripting en la funcionalidad Report Menu de Red Hat CloudForms versiones 4.7 y 5. Un atacante podría usar este fallo para ejecutar un ataque de tipo XSS almacenado en un administrador de aplicaciones que usa CloudForms A flaw was found in the Report Menu of Red Hat CloudForms where the title field was not properly sanitized for HTML and JavaScript inputs. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. • https://access.redhat.com/security/cve/cve-2020-10777 https://bugzilla.redhat.com/show_bug.cgi?id=1847605 https://access.redhat.com/security/cve/CVE-2020-10777 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-14325 – CloudForms: User Impersonation in the API for OIDC and SAML
https://notcve.org/view.php?id=CVE-2020-14325
Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator. Red Hat CloudForms versiones anteriores a 5.11.7.0, era vulnerable a un fallo de autorización de Suplantación de Usuario que permite a un atacante malicioso crear un usuario de control de acceso basado en roles existente y no existente, con grupos y roles. Con un grupo seleccionado de EvmGroup-super_administrator, un atacante puede llevar a cabo cualquier petición de la API como superadministrador A vulnerability was found in Red Hat CloudForms which allows a malicious attacker to impersonate any user or create a non-existent user with any entitlement in the appliance and perform an API request. • https://access.redhat.com/security/cve/cve-2020-14325 https://bugzilla.redhat.com/show_bug.cgi?id=1855739 https://access.redhat.com/security/cve/CVE-2020-14325 • CWE-285: Improper Authorization •