Bug 1898525 (CVE-2020-25716)

Summary: CVE-2020-25716 Cloudforms: Incomplete fix for CVE-2020-10783
Product: [Other] Security Response Reporter: Yadnyawalk Tale <ytale>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: akarol, dmetzger, gmccullo, gtanzill, jfrey, jhardy, obarenbo, roliveri, simaishi, smallamp
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: cfme 5.11.10.1 Doc Type: ---
Doc Text:
A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-12-15 22:19:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1898528, 1898529    
Bug Blocks: 1898520    

Description Yadnyawalk Tale 2020-11-17 12:52:36 UTC 
Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with specific group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files. Initial patches of CVE-2020-10783 were later considered incomplete for other RBAC groups.
Comment 1 Yadnyawalk Tale 2020-11-17 12:52:42 UTC 
Acknowledgments:

Name: Purnachand Pulahari (IBM), Ranjit Kumar Singh (IBM)
Comment 4 Yadnyawalk Tale 2020-11-17 14:47:22 UTC 
Statement:

This vulnerability stems from incomplete fixes for a previously disclosed CVE-2020-10783, which only fixed this flaw for EVM-Operator group.
Comment 5 Yadnyawalk Tale 2020-11-17 14:48:31 UTC 
Mitigation:

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Comment 6 errata-xmlrpc 2020-12-15 21:17:35 UTC 
This issue has been addressed in the following products:

  CloudForms Management Engine 5.11

Via RHSA-2020:5554 https://access.redhat.com/errata/RHSA-2020:5554
Comment 7 Product Security DevOps Team 2020-12-15 22:19:31 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-25716