Back to bug 1383124
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jeremy Choi | 2016-10-10 01:55:19 UTC | CC | security-response-team | |
| Jeremy Choi | 2016-10-10 01:55:23 UTC | Blocks | 1383121 | |
| Kurt Seifried | 2016-10-13 04:38:39 UTC | Alias | CVE-2016-7071 | |
| Kurt Seifried | 2016-10-13 04:38:44 UTC | Summary | EMBARGOED CFME: bypass authorization by altering VM ID | EMBARGOED CVE-2016-7071 CFME: bypass authorization by altering VM ID |
| Kurt Seifried | 2016-10-15 01:16:01 UTC | Depends On | 1385188 | |
| Kurt Seifried | 2016-10-15 01:38:27 UTC | Doc Text | It was found that the CloudForms did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM | |
| Eric Christensen | 2016-10-17 13:34:18 UTC | Doc Text | It was found that the CloudForms did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM | It was found that the CloudForms did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM. |
| Kurt Seifried | 2016-10-20 15:49:52 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-10-20 11:49:52 UTC | |||
| Kurt Seifried | 2016-10-27 16:42:32 UTC | Whiteboard | impact=important,public=no,reported=20161007,source=customer,cvss2=9.0/AV:N/AC:L/Au:S/C:C/I:C/A:C,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-285/CWE-932,cfme-5.5/cfme=affected | impact=important,public=20161020,reported=20161007,source=customer,cvss2=9.0/AV:N/AC:L/Au:S/C:C/I:C/A:C,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-285/CWE-932,cfme-5.5/cfme=affected |
| Kurt Seifried | 2016-10-27 16:42:37 UTC | Summary | EMBARGOED CVE-2016-7071 CFME: bypass authorization by altering VM ID | CVE-2016-7071 CFME: bypass authorization by altering VM ID |
| Kurt Seifried | 2016-10-27 16:42:41 UTC | Group | security, qe_staff | |
| Andrej Nemec | 2016-10-31 08:30:40 UTC | Whiteboard | impact=important,public=20161020,reported=20161007,source=customer,cvss2=9.0/AV:N/AC:L/Au:S/C:C/I:C/A:C,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-285/CWE-932,cfme-5.5/cfme=affected | impact=important,public=20161020,reported=20161007,source=customer,cvss2=9.0/AV:N/AC:L/Au:S/C:C/I:C/A:C,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-285,cfme-5.5/cfme=affected |
| Kurt Seifried | 2016-11-22 16:22:00 UTC | Whiteboard | impact=important,public=20161020,reported=20161007,source=customer,cvss2=9.0/AV:N/AC:L/Au:S/C:C/I:C/A:C,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-285,cfme-5.5/cfme=affected | impact=important,public=20161020,reported=20161007,source=customer,cvss2=9.0/AV:N/AC:L/Au:S/C:C/I:C/A:C,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-285,cfme-5/cfme=affected |
| Kurt Seifried | 2016-11-22 16:22:18 UTC | Depends On | 1397500 | |
| Andrej Nemec | 2018-09-10 14:17:05 UTC | Fixed In Version | cfme 5.6.2.2, cfme 5.7.0.7 | |
| Product Security DevOps Team | 2019-09-29 13:57:57 UTC | Whiteboard | impact=important,public=20161020,reported=20161007,source=customer,cvss2=9.0/AV:N/AC:L/Au:S/C:C/I:C/A:C,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-285,cfme-5/cfme=affected |
Back to bug 1383124