CVE-2017-2653

Name of the Vulnerable Software and Affected Versions: CloudForms versions prior to 5.7.2.1

Description: The issue allows an attacker to bypass the protect from forgery XSRF protection by accessing unused delete routes via GET requests, which could normally only be accessed via POST requests. This attack would require additional cross-site scripting or similar attacks in order to execute.

Recommendations: For versions prior to 5.7.2.1, update to version 5.7.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the unused delete routes to minimize the risk of exploitation.