Description
Red Hat CloudForms 4.7 and 5 are affected by a role-based privilege escalation flaw. An attacker in the EVM-Operator group can perform actions restricted to the EVM-Super-administrator group, leading to the export or import of administrator files.
A role-based privilege escalation flaw was found in Red Hat CloudForms where export or import of administrator files was possible. An attacker in the EVM-Operator group can perform actions restricted to the system administrator.
Refer to CVE-2020-25716 for the remaining RBAC group fixes.
Mitigation
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.
Additional information
Status:
EPSS
CVSS3: 8.4 High
Related vulnerabilities
Red Hat CloudForms 4.7 and 5 are affected by a role-based privilege escalation flaw. An attacker in the EVM-Operator group can perform actions restricted to the EVM-Super-administrator group, leading to the export or import of administrator files.
A vulnerability in the CloudForms Management Engine software platform for managing virtual environments, related to access control deficiencies, that allows an attacker to escalate their privileges