CVE-2020-10778

Severity
6.0 MEDIUM
EPSS
0.4%
top 41.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Aug 11

Description

In Red Hat CloudForms 4.7 and 5, read-only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields, since there is no server-side validation. This business logic flaw violates the expected behavior.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Exploitability: 1.2 | Impact: 4.7

Affected Packages: 2 packages

CVEListV5 | cloudforms | 4.7 and 5
NVD | redhat/cloudforms | 4.7, 5.0.0 +1

🔴 Vulnerability Details

1
CVEList
CVE-2020-10778: In Red Hat CloudForms 4 | 2020-08-11

📋 Vendor Advisories

1
Red Hat
CloudForms: Business logic bypass through widgets | 2020-08-03

💬 Community

1
Bugzilla
CVE-2020-10778 CloudForms: Business logic bypass through widgets | 2020-06-16
CVE-2020-10778 (MEDIUM CVSS 6) | In Red Hat CloudForms 4.7 and 5 | cvebase.io