Bug 1855713 (CVE-2020-14324)
Summary: | CVE-2020-14324 CloudForms: Out-of-band OS Command Injection through conversion host | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Yadnyawalk Tale <ytale> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | akarol, cbudzilo, dmetzger, gmccullo, gtanzill, jfrey, jhardy, obarenbo, roliveri, security-response-team, simaishi, smallamp |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | cfme 5.11.7.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
An out-of-band OS command injection vulnerability was found in Red Hat CloudForms. An authenticated malicious attacker could execute arbitrary commands on the server by sending a specially crafted request. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-08-06 19:28:00 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1855717, 1855718 | ||
Bug Blocks: | 1855677 |
Description
Yadnyawalk Tale
2020-07-10 10:02:39 UTC
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Acknowledgments: Name: Sruthi M (IBM), Pravat Kumar Sahoo (IBM) This issue has been addressed in the following products: CloudForms Management Engine 5.11 Via RHSA-2020:3358 https://access.redhat.com/errata/RHSA-2020:3358 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14324 This issue has been addressed in the following products: CloudForms Management Engine 5.10 Via RHSA-2020:3574 https://access.redhat.com/errata/RHSA-2020:3574 |