CVE-2017-15123

CWE-306Missing Authentication5 documents5 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 52.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Redhat Cloudforms Management EngineRedhat Cloudforms
Timeline
PublishedJun 12
Latest updateMay 24

Description

A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5redhat/cloudforms5.8 - 5.10

🔴Vulnerability Details

2
GHSA
GHSA-9j5r-6jgc-rgpx: A flaw was found in the CloudForms web interface, versions 52022-05-24
CVEList
CVE-2017-15123: A flaw was found in the CloudForms web interface, versions 52019-06-12

📋Vendor Advisories

1
Red Hat
CloudForms: RSS links are accessible without any authentication2019-06-05

💬Community

1
Bugzilla
CVE-2017-15123 CloudForms: RSS links are accessible without any authentication2017-12-11
CVE-2017-15123 (MEDIUM CVSS 5.3) | A flaw was found in the CloudForms | cvebase.io