Logic Error in CloudForms Role Validation Leading to Privilege Escalation
CVE-2017-2632

4.9MEDIUM

Key Information:

Vendor
Red Hat
Status
Cfme
Vendor
CVE Published:
27 July 2018

Summary

A logic error in the valid_role() function in versions of CloudForms before 5.7.1.3 allows tenant administrators to create groups with privileges exceeding their expected level. This issue can be exploited by an attacker with administrator access to elevate their privileges, which may lead to unauthorized access to sensitive operations within the environment. It is crucial for affected users to apply the necessary updates to mitigate this risk.

Affected Version(s)

cfme 5.7.1.3

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2632
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96478
vdb-entryx_refsource_BID
http://rhn.redhat.com/errata/RHSA-2017-0320.html
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.