Описание
In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.
A business logic flaw was found in Red Hat CloudForms where the read-only values of the Widgets could be altered. An attacker with low privileges could bypass server-side validation by dropping the disabled attribute from the fields.
Дополнительная информация
Статус:
EPSS
8.2 High
CVSS3
Связанные уязвимости
In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.
Уязвимость программной платформы для управления виртуальными средами CloudForms Management Engine, связанная с недостатками механизма авторизации, позволяющая нарушителю редактировать виджеты, доступные только для чтения
EPSS
8.2 High
CVSS3