CVE-2017-2632

4.9MEDIUM

Key Information:

Vendor: Red Hat
Status: Cfme
Vendor: CVE Published:; 27 July 2018

Summary

A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges.

Affected Version(s)

cfme 5.7.1.3

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2632

x_refsource_CONFIRM

http://www.securityfocus.com/bid/96478

vdb-entryx_refsource_BID

http://rhn.redhat.com/errata/RHSA-2017-0320.html

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 27, 2018
Vulnerability Reserved
Dec 1, 2016

.