CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25716 – Cloudforms: Incomplete fix for CVE-2020-10783
https://notcve.org/view.php?id=CVE-2020-25716
A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=1898525 https://access.redhat.com/security/cve/CVE-2020-25716 • CWE-284: Improper Access Control CWE-285: Improper Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14369 – CloudForms: Cross Site Request Forgery in API notifications
https://notcve.org/view.php?id=CVE-2020-14369
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth. Esta versión corrige una vulnerabilidad de tipo Cross Site Request Forgery que se encontró en Red Hat CloudForms que forza a los usuarios finales a ejecutar acciones no deseadas en una aplicación web en la que el usuario está actualmente autenticado. Un atacante puede hacer una petición HTTP falsificada al servidor al diseñar un archivo flash personalizado que puede obligar al usuario a llevar a cabo una petición de cambio de estado, como aprovisionar máquinas virtuales, ejecutando libros de jugadas de ansible, etc • https://bugzilla.redhat.com/show_bug.cgi?id=1871921 https://access.redhat.com/security/cve/CVE-2020-14369 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14325 – CloudForms: User Impersonation in the API for OIDC and SAML
https://notcve.org/view.php?id=CVE-2020-14325
Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator. Red Hat CloudForms versiones anteriores a 5.11.7.0, era vulnerable a un fallo de autorización de Suplantación de Usuario que permite a un atacante malicioso crear un usuario de control de acceso basado en roles existente y no existente, con grupos y roles. Con un grupo seleccionado de EvmGroup-super_administrator, un atacante puede llevar a cabo cualquier petición de la API como superadministrador A vulnerability was found in Red Hat CloudForms which allows a malicious attacker to impersonate any user or create a non-existent user with any entitlement in the appliance and perform an API request. • https://access.redhat.com/security/cve/cve-2020-14325 https://bugzilla.redhat.com/show_bug.cgi?id=1855739 https://access.redhat.com/security/cve/CVE-2020-14325 • CWE-285: Improper Authorization •
CVSS: 9.8EPSS: 4%CPEs: 23EXPL: 2CVE-2018-7750 – Paramiko 2.4.1 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2018-7750
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. transport.py en la implementación del servidor SSH de Paramiko, en versiones anteriores a la 1.17.6; versiones 1.18.x anteriores a la 1.18.5; versiones 2.0.x anteriores a la 2.0.8; versiones 2.1.x anteriores a la 2.1.5; versiones 2.2.x anteriores a la 2.2.3; versiones 2.3.x anteriores a la 2.3.2 y versiones 2.4.x anteriores a la 2.4.1, no comprueba adecuadamente si la autenticación se ha completado antes de procesar otras peticiones, tal y como demuestra channel-open. Un cliente SSH personalizado puede simplemente omitir el paso de autenticación. It was found that when acting as an SSH server, paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could use this to bypass authentication when accessing any resources controlled by paramiko. • https://www.exploit-db.com/exploits/45712 https://github.com/jm33-m0/CVE-2018-7750 http://www.securityfocus.com/bid/103713 https://access.redhat.com/errata/RHSA-2018:0591 https://access.redhat.com/errata/RHSA-2018:0646 https://access.redhat.com/errata/RHSA-2018:1124 https://access.redhat.com/errata/RHSA-2018:1125 https://access.redhat.com/errata/RHSA-2018:1213 https://access.redhat.com/errata/RHSA-2018:1274 https://access.redhat.com/errata/RHSA-2018:1328 https:&#x • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5402 – cfme: RCE via Capacity & Utilization feature
https://notcve.org/view.php?id=CVE-2016-5402
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as. Se ha encontrado un error de inyección de código en la forma en la que se procesan los archivos de control de capacidad y utilización importados. Un atacante autenticado remoto con acceso a la característica de capacidad y utilización podría emplear este error para ejecutar código arbitrario como el usuario como el que se ejecuta CFME. • http://rhn.redhat.com/errata/RHSA-2016-2839.html http://www.securityfocus.com/bid/94612 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5402 https://access.redhat.com/security/cve/CVE-2016-5402 https://bugzilla.redhat.com/show_bug.cgi?id=1357559 • CWE-94: Improper Control of Generation of Code ('Code Injection') •