PT-2018-4970 · Red Hat · Cloudforms
Adam Mariš
·
Publicado
2018-09-11
·
Atualizado
2019-10-09
·
CVE-2016-7047
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
CloudForms versions prior to 5.6.3.0
CloudForms versions prior to 5.7.3.1
CloudForms versions prior to 5.8.1.2
Description
A flaw was found in the CloudForms API. A user with permissions to use the
MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.Recommendations
For versions prior to 5.6.3.0, update to version 5.6.3.0 or later.
For versions prior to 5.7.3.1, update to version 5.7.3.1 or later.
For versions prior to 5.8.1.2, update to version 5.8.1.2 or later.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cloudforms