CVE-2020-10778

Published: Aug 11, 2020Modified: Nov 21, 2024

6.0

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Exploitability: 1.2 / Impact: 4.7

Source: NVD

Description

In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.

Affected (2)

Products: Redhat: Cloudforms

Redhat

1 product

Cloudforms

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Cloudforms	Version 4.7
Redhat Cloudforms	Version 5.0.0

Related CWEs

CWE-669

Incorrect Resource Transfer Between Spheres

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

References (4)

https://access.redhat.com/security/cve/cve-2020-10778

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1847628

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/security/cve/cve-2020-10778

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1847628

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.