RHSA-2020:3358CriticalCVSS 9.9
Red Hat Security Advisory: CloudForms 5.0.7 bug fix and enhancement update
🔗 CVE IDs covered (8)
📋 Description
CVE-2020-10777 — CloudForms: Cross Site Scripting in report menu title / HTML Code Injection CVE-2020-10778 — CloudForms: Business logic bypass through widgets CVE-2020-10779 — CloudForms: Missing functional level access control & IDOR lead to compromise CVE-2020-10780 — CloudForms: CSV Injection in Orchestration Templates CVE-2020-10783 — CloudForms: Missing access control leads to escalation of admin group privileges CVE-2020-14296 — CloudForms: Server-Side Request Forgery (SSRF) in Ansible Tower Provider CVE-2020-14324 — CloudForms: Out-of-band OS Command Injection through conversion host CVE-2020-14325 — CloudForms: User Impersonation in the API for OIDC and SAML
🔗 References (38)
- selfhttps://access.redhat.com/errata/RHSA-2020:3358
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttps://access.redhat.com/documentation/en-us/red_hat_cloudforms/5.0/html/release_notes
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1671330
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1713212
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1734629
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1734630
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1741310
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1753586
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1757128
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1770197
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1809033
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1810040
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1810477
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1826410
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1832278
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1834219
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1836125
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1836158
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1837993
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1838704
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1839770
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1845281
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1846281
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1847410
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1847605
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1847628
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1847647
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1847794
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1847811
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1847860
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1847884
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1847898
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1848265
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1850952
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1855713
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1855739
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3358.json