CVE-2020-10780

Name of the Vulnerable Software and Affected Versions Red Hat CloudForms versions 4.7 through 5

Description The issue is related to a CSV Injection flaw. A crafted payload can remain dormant until a victim exports it as a CSV file and opens it with Excel. Once the file is opened, the formula executes, potentially triggering various events. Although this flaw does not directly affect the application, attackers could exploit loosely validated parameters to trigger several attack possibilities. The vulnerability exists due to insufficient input validation, which may allow a remote attacker to impact the confidentiality and integrity of protected information using a specially crafted CSV file.

Recommendations For Red Hat CloudForms versions 4.7 through 5, consider disabling the export to CSV feature until a patch is available to prevent potential exploitation. Restrict access to the vulnerable functionality to minimize the risk of exploitation. Avoid using the affected feature in the application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.