Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-14325

Опубликовано: 03 авг. 2020
Источник: redhat
CVSS3: 9.9
EPSS Низкий

Описание

Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator.

A vulnerability was found in Red Hat CloudForms which allows a malicious attacker to impersonate any user or create a non-existent user with any entitlement in the appliance and perform an API request.

Отчет

The vulnerability and related criticality depends on the product releases and protocols. In CloudForms 5.11, attacker need to be authenticated through OIDC but SAML do not need any authentication for exploitation. However, for CloudForms 5.10, both SAML and OIDC protocols does not need authentication and attacker can impersonate users previously logged in. Red Hat does not support CloudForms 5.9 and earlier releases, however, confirms vulnerability affects SAML protocol but not OIDC. Reference metrics: https://bugzilla.redhat.com/show_bug.cgi?id=1855739#c3

Меры по смягчению последствий

Red Hat recommends upgrading to secured released versions, however, this flaw can be mitigated by unseting RequestHeader in http configuration. Mitigation steps would be:

  1. Stop httpd service $ systemctl stop httpd
  2. Add following additional unset at /etc/httpd/conf.d/manageiq-remote-user-openidc.conf and /etc/httpd/conf.d/manageiq-remote-user.conf, right before X_REMOTE_USER unset.
RequestHeader unset X-REMOTE-USER RequestHeader unset X-REMOTE_USER RequestHeader unset X_REMOTE-USER
  1. Validate configuration files to make sure all syntax is valid $ apachectl configtest
  2. Restart httpd service $ systemctl start httpd

Ссылки на источники

Дополнительная информация

Статус:

Critical
Дефект:
CWE-285
https://bugzilla.redhat.com/show_bug.cgi?id=1855739CloudForms: User Impersonation in the API for OIDC and SAML

EPSS

Процентиль: 47%
0.00241
Низкий

9.9 Critical

CVSS3

Связанные уязвимости

nvd логотип

CVE-2020-14325

CVSS3: 9.1
nvd
больше 5 лет назад

Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator.

fstec логотип

BDU:2020-03899

CVSS3: 9.9
fstec
больше 5 лет назад

Уязвимость программной платформы для управления виртуальными средами CloudForms Management Engine, связанная с ошибками авторизации, позволяющая нарушителю создавать существующих и несуществующих пользователей управления доступом на основе ролей с группами и ролями

EPSS

Процентиль: 47%
0.00241
Низкий

9.9 Critical

CVSS3