CVE-2020-10779

Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms.

Published: Aug 11, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-10779
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-639

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
redhat / cloudforms	4.7	4.7.x
redhat / cloudforms	5.0.0	5.0.0.x

https://access.redhat.com/security/cve/cve-2020-10779
https://bugzilla.redhat.com/show_bug.cgi?id=1847647

Vulnerability Database

289,599

CVE-2020-10779