Check CVE Id
Check CWE Id
CFME: CSRF protection vulnerability via permissive check of the referrer header
There is a possible denial of service vulnerability in Action View (Rails) <188.8.131.52, <184.108.40.206, <220.127.116.11, <18.104.22.168 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
There is a File Content Disclosure vulnerability in Action View <22.214.171.124, <126.96.36.199, <188.8.131.52, <184.108.40.206 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 220.127.116.11, 18.104.22.168, and 22.214.171.124.
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.
A flaw was found in the CloudForms API before 126.96.36.199, 188.8.131.52 and 184.108.40.206. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.
It was found that the CloudForms before 220.127.116.11, and 18.104.22.168 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.
A number of unused delete routes are present in CloudForms before 22.214.171.124 which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection causing the routes to be used. This attack would require additional cross-site scripting or similar attacks in order to execute.
A logic error in valid_role() in CloudForms role validation before 126.96.36.199 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges.
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.
Back to Top