Описание
The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant.
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-284
https://bugzilla.redhat.com/show_bug.cgi?id=1450150CFME: Dialog for creating cloud volumes does not filter cloud tenants CVE-2017-7497
EPSS
Процентиль: 31%
0.00121
Низкий
4.1 Medium
CVSS3
Связанные уязвимости
CVSS3: 4.1
nvd
больше 7 лет назад
The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant.
CVSS3: 4.3
github
больше 3 лет назад
The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant.
EPSS
Процентиль: 31%
0.00121
Низкий
4.1 Medium
CVSS3