Logic Error in CloudForms Role Validation Leading to Privilege Escalation
CVE-2017-2632
4.9MEDIUM
Summary
A logic error in the valid_role() function in versions of CloudForms before 5.7.1.3 allows tenant administrators to create groups with privileges exceeding their expected level. This issue can be exploited by an attacker with administrator access to elevate their privileges, which may lead to unauthorized access to sensitive operations within the environment. It is crucial for affected users to apply the necessary updates to mitigate this risk.
Affected Version(s)
cfme 5.7.1.3
References
CVSS V3.1
Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved