Bug 1450150 (CVE-2017-7497)
| Summary: | CFME: Dialog for creating cloud volumes does not filter cloud tenants CVE-2017-7497 | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | cpelland, dajohnso, dclarizi, gblomqui, gmccullo, gtanzill, hhudgeon, jfrey, jhardy, jprause, kseifried, obarenbo, roliveri, simaishi, slong |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-02 19:12:09 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1448857, 1452867, 1452868 | ||
| Bug Blocks: | 1435396, 1450147 | ||
|
Description
Kurt Seifried
2017-05-11 16:37:08 UTC
Acknowledgments: Name: Gellert Kis (Red Hat) This issue has been addressed in the following products: CloudForms Management Engine 5.7 Via RHSA-2017:1601 https://access.redhat.com/errata/RHSA-2017:1601 This issue has been addressed in the following products: CloudForms Management Engine 5.8 Via RHSA-2017:1758 https://access.redhat.com/errata/RHSA-2017:1758 |