RHSA-2020:3574CriticalCVSS 9.9
Red Hat Security Advisory: CloudForms 4.7.16 security, bug fix and enhancement update
🔗 CVE IDs covered (4)
📋 Description
CVE-2020-10778 — CloudForms: Business logic bypass through widgets CVE-2020-10783 — CloudForms: Missing access control leads to escalation of admin group privileges CVE-2020-14324 — CloudForms: Out-of-band OS Command Injection through conversion host CVE-2020-14325 — CloudForms: User Impersonation in the API for OIDC and SAML
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2020:3574
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttps://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.7/html/release_notes
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1811145
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1847628
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1847811
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1855713
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1855739
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3574.json