CVE-2020-10783

Severity
8.3 HIGH
EPSS
0.4%
top 42.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 11
Latest update: Nov 17

Description

Red Hat CloudForms 4.7 and 5 are affected by a role-based privilege escalation flaw. An attacker in the EVM-Operator group can perform actions restricted to the EVM-Super-administrator group, leading to the export or import of administrator files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Exploitability: 2.8 | Impact: 5.5

Affected Packages (2 packages)

CVEListV5: cloudforms, 4.7 and 5, before cfme 5.11.10.1 (+1)
NVD: redhat/cloudforms, 4.7, 5.0.0 (+1)

🔴Vulnerability Details

1
CVEList
CVE-2020-10783: Red Hat CloudForms 4 (2020-08-11)

📋Vendor Advisories

2
Red Hat
Cloudforms: Incomplete fix for CVE-2020-10783 (2020-11-17)
Red Hat
CloudForms: Missing access control leads to escalation of admin group privileges (2020-08-03)

💬Community

1
Bugzilla
CVE-2020-10783 CloudForms: Missing access control leads to escalation of admin group privileges (2020-06-17)