PT-2020-6014 · Red Hat · Red Hat Cloudforms

Published

2020-08-24

Updated

2020-12-04

CVE-2020-14369

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Red Hat CloudForms (affected versions not specified)

Description A Cross Site Request Forgery vulnerability was found in Red Hat CloudForms, which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting a custom flash file, which can force the user to perform state-changing requests like provisioning VMs, running ansible playbooks, and so forth. The vulnerability is related to the lack of protection against cross-site request forgery (CSRF).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

BDU:2021-02600

CVE-2020-14369

RHSA-2020:4134

Affected Products

Red Hat Cloudforms

PT-2020-6014 · Red Hat · Red Hat Cloudforms

CVE-2020-14369

Weakness Enumeration

Related Identifiers

Affected Products

References · 8