Back to bug 1374215
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-09-08 09:27:44 UTC | CC | security-response-team | |
| Adam Mariš | 2016-09-08 09:29:56 UTC | CC | slukasik | |
| Adam Mariš | 2016-09-08 09:31:23 UTC | Blocks | 1374219 | |
| Kurt Seifried | 2016-09-11 03:10:49 UTC | Whiteboard | impact=low,public=no,reported=20160907,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,cfme-5.6/cfme=affected,cfme-5.4/cfme=new,cfme-5.5/cfme=new | impact=low,public=no,reported=20160907,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,cfme-5.6/cfme=affected,cfme-5.4/cfme=wontfix,cfme-5.5/cfme=affected |
| Kurt Seifried | 2016-09-11 03:15:23 UTC | Whiteboard | impact=low,public=no,reported=20160907,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,cfme-5.6/cfme=affected,cfme-5.4/cfme=wontfix,cfme-5.5/cfme=affected | impact=low,public=no,reported=20160907,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,cfme-5.6/cfme=affected,cfme-5.4/cfme=wontfix,cfme-5.7/cfme=affected |
| Kurt Seifried | 2016-09-11 03:19:01 UTC | Whiteboard | impact=low,public=no,reported=20160907,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,cfme-5.6/cfme=affected,cfme-5.4/cfme=wontfix,cfme-5.7/cfme=affected | impact=low,public=no,reported=20160907,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,cfme-5.6/cfme=affected,cfme-5.6/cfme=wontfix,cfme-5.7/cfme=affected |
| Kurt Seifried | 2016-09-11 03:20:12 UTC | Depends On | 1374965 | |
| Kurt Seifried | 2016-09-16 17:44:05 UTC | Alias | CVE-2016-7047 | |
| Kurt Seifried | 2016-09-16 17:44:10 UTC | Summary | EMBARGOED cfme: API leaks any MiqReportResult | EMBARGOED CVE-2016-7047 cfme: API leaks any MiqReportResult |
| Kurt Seifried | 2016-09-16 17:48:47 UTC | Whiteboard | impact=low,public=no,reported=20160907,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,cfme-5.6/cfme=affected,cfme-5.6/cfme=wontfix,cfme-5.7/cfme=affected | impact=low,public=no,reported=20160907,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,cfme-5.6/cfme=affected,cfme-5.6/cfme=affected,cfme-5.7/cfme=affected |
| Kurt Seifried | 2016-09-16 17:49:10 UTC | Depends On | 1376875 | |
| Kurt Seifried | 2016-09-16 17:49:21 UTC | Depends On | 1376876 | |
| Kurt Seifried | 2016-10-31 17:16:59 UTC | Doc Text | A flaw was found in the CloudForms API. A user with permissions to use the MiqReportResults capability could use this flaw to leak data from other tenants our groups. | |
| Kurt Seifried | 2016-10-31 20:41:36 UTC | Doc Text | A flaw was found in the CloudForms API. A user with permissions to use the MiqReportResults capability could use this flaw to leak data from other tenants our groups. | A flaw was found in the CloudForms API. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants our groups that they should not have access to. |
| Eric Christensen | 2016-10-31 20:45:00 UTC | Doc Text | A flaw was found in the CloudForms API. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants our groups that they should not have access to. | A flaw was found in the CloudForms API. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups that they should not have access to. |
| Šimon Lukašík | 2016-11-03 10:55:12 UTC | Status | NEW | ASSIGNED |
| Kurt Seifried | 2016-11-29 17:04:19 UTC | Depends On | 1376877 | |
| Kurt Seifried | 2016-11-30 16:12:40 UTC | Depends On | 1376877 | |
| Šimon Lukašík | 2017-04-13 09:04:19 UTC | CC | lpichler | |
| Kurt Seifried | 2017-04-20 20:33:04 UTC | Status | ASSIGNED | CLOSED |
| Resolution | --- | DUPLICATE | ||
| Last Closed | 2017-04-20 16:33:04 UTC | |||
| Kurt Seifried | 2017-04-20 20:35:39 UTC | Status | CLOSED | NEW |
| Resolution | DUPLICATE | --- | ||
| Keywords | Reopened | |||
| Kurt Seifried | 2017-04-20 20:37:54 UTC | Blocks | 1435396 | |
| Kurt Seifried | 2017-05-12 18:35:03 UTC | Whiteboard | impact=low,public=no,reported=20160907,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,cfme-5.6/cfme=affected,cfme-5.6/cfme=affected,cfme-5.7/cfme=affected | impact=low,public=no,reported=20160907,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,cfme-5/cfme=affected |
| Kurt Seifried | 2017-05-12 18:35:22 UTC | Depends On | 1450493 | |
| Summer Long | 2017-06-28 00:14:22 UTC | CC | slong | |
| Doc Text | A flaw was found in the CloudForms API. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups that they should not have access to. | A flaw was found in the CloudForms API. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access. | ||
| Kurt Seifried | 2017-06-28 15:32:47 UTC | Whiteboard | impact=low,public=no,reported=20160907,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,cfme-5/cfme=affected | impact=low,public=20170628,reported=20160907,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,cfme-5/cfme=affected |
| Kurt Seifried | 2017-06-28 15:32:52 UTC | Summary | EMBARGOED CVE-2016-7047 cfme: API leaks any MiqReportResult | CVE-2016-7047 cfme: API leaks any MiqReportResult |
| Kurt Seifried | 2017-06-28 15:32:58 UTC | Group | security, qe_staff | |
| Kurt Seifried | 2017-08-02 19:11:57 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-04-20 16:33:04 UTC | 2017-08-02 15:11:57 UTC | ||
| Andrej Nemec | 2018-09-11 12:01:36 UTC | Fixed In Version | cfme 5.8.1.2, cfme 5.7.3.1, cfme 5.6.3.0 | |
| Product Security DevOps Team | 2019-09-29 13:56:12 UTC | Whiteboard | impact=low,public=20170628,reported=20160907,source=redhat,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,cfme-5/cfme=affected |
Back to bug 1374215