RHSA-2020:3358CriticalCVSS 9.9

Red Hat Security Advisory: CloudForms 5.0.7 bug fix and enhancement update

Published
August 6, 2020
Last Modified
June 26, 2026

🔗 CVE IDs covered (8)

📋 Description

CVE-2020-10777 — CloudForms: Cross Site Scripting in report menu title / HTML Code Injection CVE-2020-10778 — CloudForms: Business logic bypass through widgets CVE-2020-10779 — CloudForms: Missing functional level access control & IDOR lead to compromise CVE-2020-10780 — CloudForms: CSV Injection in Orchestration Templates CVE-2020-10783 — CloudForms: Missing access control leads to escalation of admin group privileges CVE-2020-14296 — CloudForms: Server-Side Request Forgery (SSRF) in Ansible Tower Provider CVE-2020-14324 — CloudForms: Out-of-band OS Command Injection through conversion host CVE-2020-14325 — CloudForms: User Impersonation in the API for OIDC and SAML

🔗 References (38)