Cross-Site Request Forgery Vulnerability in CloudForms by Red Hat
CVE-2017-2653
4.1MEDIUM
Summary
CloudForms, prior to version 5.7.2.1, exposes certain unused delete routes that can be manipulated through GET requests instead of the intended POST requests. This flaw can potentially allow an attacker to circumvent XSRF protections, providing an opportunity to exploit the application using various attack vectors. Successful exploitation would likely require additional techniques, such as cross-site scripting, to fully leverage this vulnerability.
Affected Version(s)
CloudForms 5.7.2.1
References
CVSS V3.1
Score:
4.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved