PT-2019-8017 · Red Hat · Cloudforms

Hacked0X90 · Published 2019-06-12 · Updated 2019-07-17 · CVE-2017-15123

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CloudForms versions 5.8 through 5.10

Description

A flaw was found in the CloudForms web interface where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms, including data such as newly created virtual machines.

Recommendations

For CloudForms versions 5.8 through 5.10, restrict access to the RSS feed URLs to authenticated users only to prevent unauthorized viewing of sensitive information. As a temporary workaround, consider disabling the RSS feed feature until a patch is available.

Fix

Missing Authentication


Weakness Enumeration

Related Identifiers

CVE-2017-15123

Affected Products

Cloudforms