CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25716 – Cloudforms: Incomplete fix for CVE-2020-10783
https://notcve.org/view.php?id=CVE-2020-25716
16 Dec 2020 — A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=1898525 • CWE-284: Improper Access Control CWE-285: Improper Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14369 – CloudForms: Cross Site Request Forgery in API notifications
https://notcve.org/view.php?id=CVE-2020-14369
30 Sep 2020 — This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth. Esta versión corrige una vulnerabilidad de tipo Cross Site Request Forgery que se encontr... • https://bugzilla.redhat.com/show_bug.cgi?id=1871921 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14325 – CloudForms: User Impersonation in the API for OIDC and SAML
https://notcve.org/view.php?id=CVE-2020-14325
06 Aug 2020 — Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator. Red Hat CloudForms versiones anteriores a 5.11.7.0, era vulnerable a un fallo de autorización de Suplantación de Usuario que permite a un atacante malicioso crear un usuario... • https://access.redhat.com/security/cve/cve-2020-14325 • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 9%CPEs: 11EXPL: 1CVE-2019-5419 – rubygem-actionpack: denial of service vulnerability in Action View
https://notcve.org/view.php?id=CVE-2019-5419
27 Mar 2019 — There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive. Hay una posible vulnerabilidad de denegación de servicio (DoS) en la vista de acción en Rails, en versiones anteriores a las 5.2.2.1, 5.1.6.2, 5.0.7.2 y 4.2.11.1 donde las cabeceras de aceptación especialmente manipuladas pueden provocar que dicha vista consuma el 100 % de la CPU y... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.1EPSS: 94%CPEs: 10EXPL: 12CVE-2019-5418 – Rails 5.2.1 - Arbitrary File Content Disclosure
https://notcve.org/view.php?id=CVE-2019-5418
21 Mar 2019 — There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. Existe una vulnerabilidad de Divulgación del contenido del archivo en la Vista de acción versión anterior a .2.2.1, versión anterior a 1.6.2, versión anterior a 5.0.7.2, versión anterior a 4.2.11.1 y v3, donde los encabezados de aceptación especialmente diseñados pueden expo... • https://packetstorm.news/files/id/180660 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-16476 – activejob: Information Exposure through deserialization using GlobalId
https://notcve.org/view.php?id=CVE-2018-16476
30 Nov 2018 — A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1. Una vulnerabilidad del Control de acceso roto en las versiones de Trabajo activo> = versión 4.2.0 permite a un atacante crear una entrada de usuario que puede hacer que el Trabajo activo lo deser... • https://access.redhat.com/errata/RHSA-2019:0600 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-10905 – cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root
https://notcve.org/view.php?id=CVE-2018-10905
24 Jul 2018 — CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user. CloudForms Management Engine (cfme) es vulnerable a una opción de seguridad incorrecta en el componente dRuby de CloudForms. Un atacante con acceso a un shell local sin privilegios podría emplear este error para ejecutar comandos como usuario con altos privilegios. Clou... • https://access.redhat.com/errata/RHSA-2018:2561 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 93%CPEs: 19EXPL: 3CVE-2018-3760 – rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary files
https://notcve.org/view.php?id=CVE-2018-3760
26 Jun 2018 — There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. Existe una vulnerabilidad de fuga de información en Sprockets. • https://github.com/mpgn/CVE-2018-3760 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2018-1000544 – rubyzip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
https://notcve.org/view.php?id=CVE-2018-1000544
26 Jun 2018 — rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.. rubyzip gem rubyzip en versiones 1.2.1 y anteriores contiene una vulnerabilidad de salto de directorio en e... • https://access.redhat.com/errata/RHSA-2018:3466 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.9EPSS: 2%CPEs: 12EXPL: 0CVE-2018-10855 – ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs
https://notcve.org/view.php?id=CVE-2018-10855
19 Jun 2018 — Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. Ansible, en versiones 2.5 anteriores a la 2.5.5 y 2.4 anteriores a la 2.4.5, no cumplen con la marca de tarea no_log para las tareas fallidas. Cuando se ha empleado la marca... • https://access.redhat.com/errata/RHBA-2018:3788 • CWE-532: Insertion of Sensitive Information into Log File •