Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cloudforms
(Redhat)| Repositories |
• https://github.com/paramiko/paramiko
• https://github.com/sinatra/sinatra |
| #Vulnerabilities | 48 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-08-11 | CVE-2020-14325 | Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator. | Cloudforms | 9.1 | ||
| 2020-12-02 | CVE-2020-14369 | This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth. | Cloudforms | 6.3 |