Main Vulnerability Database Vulnerabilities #VU45880

#VU45880 Missing Authorization in CloudForms - CVE-2020-10779

Published: August 11, 2020 / Updated: August 21, 2020

Vulnerability identifier: #VU45880

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-10779

CWE-ID: CWE-862

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
CloudForms

Software vendor:
Red Hat Inc.

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms.

Remediation

Install update from vendor's website.

External links

https://access.redhat.com/security/cve/cve-2020-10779
https://bugzilla.redhat.com/show_bug.cgi?id=1847647

#VU45880 Missing Authorization in CloudForms - CVE-2020-10779

Description

Remediation

External links

Please verify you're human