CVE-2020-25716

Severity
8.1 HIGH
EPSS
0.2%
top 63.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jun 7

Description

A flaw was found in Cloudforms: a role-based privilege escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted to the system administrator. This is the effect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.2

Affected Packages (2 packages)

NVD: redhat/cloudforms < 5.11.10.1
CVEListV5: cloudforms before cfme 5.11.10.1

🔴 Vulnerability Details (1)

CVEList: CVE-2020-25716: A flaw was found in Cloudforms (2021-06-07)

📋 Vendor Advisories (2)

Red Hat: Cloudforms: Incomplete fix for CVE-2020-10783 (2020-11-17)
Red Hat: CloudForms: Missing access control leads to escalation of admin group privileges (2020-08-03)