CVE-2020-10780

CloudForms: CSV Injection in Orchestration Templates

Severity Score

6.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not an flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities.

Red Hat CloudForms versiones 4.7 y 5, está afectado por un fallo de inyección CSV, una carga útil diseñada permanece inactiva hasta que una víctima la exporta como CSV y abre el archivo con Excel. Una vez que la víctima abre el archivo, la fórmula es ejecutada, desencadenando cualquier número de posibles eventos. Si bien esto no es estrictamente un fallo que afecte directamente a una aplicación, los atacantes podrían usar los parámetros poco comprobados para desencadenar varias posibilidades de ataque

A flaw was found in Orchestration Template of Red Hat CloudForms where a low privilege user could enter crafted CSV formulae. Successful exploitation will allow an attacker to execute arbitrary code with the privilege of currently logged in user of the system causing serious damage to the victim’s system.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-03-20 CVE Reserved
2020-08-06 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/cve-2020-10780	2021-07-21
https://bugzilla.redhat.com/show_bug.cgi?id=1847794	2020-08-06
https://access.redhat.com/security/cve/CVE-2020-10780	2020-08-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Cloudforms Management Engine Search vendor "Redhat" for product "Cloudforms Management Engine"				4.7 Search vendor "Redhat" for product "Cloudforms Management Engine" and version "4.7"		-		Affected
Redhat Search vendor "Redhat"		Cloudforms Management Engine Search vendor "Redhat" for product "Cloudforms Management Engine"				5.0 Search vendor "Redhat" for product "Cloudforms Management Engine" and version "5.0"		-		Affected