CVE-2020-10779

CWE-639Insecure Direct Object ReferenceCWE-284Improper Access Control4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 60.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Cloudforms
Timeline
PublishedAug 11

Description

Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5cloudforms4.7 and 5
NVDredhat/cloudforms4.7, 5.0.0+1

🔴Vulnerability Details

1
CVEList
CVE-2020-10779: Red Hat CloudForms 42020-08-11

📋Vendor Advisories

1
Red Hat
CloudForms: Missing functional level access control & IDOR lead to compromise2020-08-03

💬Community

1
Bugzilla
CVE-2020-10779 CloudForms: Missing functional level access control & IDOR lead to compromise2020-06-16
CVE-2020-10779 (MEDIUM CVSS 6.5) | Red Hat CloudForms 4.7 and 5 leads | cvebase.io