CRLF Injection Vulnerability in Red Hat CloudForms Management Engine
CVE-2017-7528

5.2 MEDIUM

Key Information:

Vendor: Red Hat
CVE Published: 22 August 2018

Summary

The Ansible Tower component within the Red Hat CloudForms Management Engine 5 is susceptible to a CRLF injection vulnerability through the X-Forwarded-For header. This flaw enables internal servers to initiate the deployment of unauthorized systems via callback mechanisms, raising significant security concerns. Organizations using this software must take immediate measures to mitigate the risk associated with this vulnerability to protect their infrastructure from potential exploitation.

Affected Version(s)

Ansible Tower As shipped with Red Hat CloudForms Management Engine 5

CVSS V3.1

Score: 5.2
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
