PT-2018-7149 · Red Hat · Cloudforms

Published: 2018-07-27 · Updated: 2019-10-09 · CVE-2017-2632

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: CloudForms versions prior to 5.7.1.3
Description: A logic error in the valid role() function in CloudForms role validation could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have, potentially enabling an attacker with tenant administration access to elevate privileges.
Recommendations: For versions prior to 5.7.1.3, update to version 5.7.1.3 or later to resolve the issue.

Fix

Incorrect Authorization

Improper Authorization


Weakness Enumeration

Related Identifiers

CVE-2017-2632
RHSA-2017:0320

Affected Products

Cloudforms