CVE-2017-2632
published 2018-07-27CVE-2017-2632: A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level…
medium4.9CVSS 3.0
AVNACLPRHUINSUCNIHAN
A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat | cfme | — | — |
| redhat | cloudforms | — | — |
| redhat | cloudforms_management_engine | < 5.7.1.3 | 5.7.1.3 |