Bug 1744801 (CVE-2019-14841) - CVE-2019-14841 RHDM: admin console auth bypass
Summary: CVE-2019-14841 RHDM: admin console auth bypass
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-14841
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1744775 1983122
 
Reported: 2019-08-22 21:47 UTC by Chess Hazlett
Modified: 2021-10-25 09:52 UTC
CC List: 20 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in RHDM (Red Hat Decision Manager), where an authenticated attacker can change the role assigned to them in a response header. This flaw allows the attacker to gain admin privileges in the Business Central console.
Clone Of:
Environment:
Last Closed: 2021-10-25 09:52:53 UTC
Embargoed:



Description Chess Hazlett 2019-08-22 21:47:49 UTC
An authenticated attacker can adjust his assigned role in the response header and gain admin access to the app.

Comment 1 Marek Novotny 2019-08-23 07:33:15 UTC
Could we have more details on this problem? Also, we need a JIRA if it is a real CVE.

Comment 2 Rodrigo A B Freire 2019-08-23 13:20:37 UTC
(In reply to Marek Novotny from comment #1)
> Could we have more details on this problem? Also we need a jira if it is
> real CVE.

Hi Marek,

Please reach Alexandre Porcelli, he has the reproducer.

Comment 3 Paramvir jindal 2019-09-06 05:16:40 UTC
I am able to successfully replicate this. A user can intercept the response and edit the role (from developer to admin in my test case), and he will get admin privileges in the console.
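The trust pattern behind the Doc Text and comment 3, as an added Python illustration that is not RHDM or Business Central code: a console that hands the user's role to the client in a response header and then believes whatever role the client sends back, beside a version that keeps the role in a server-side session and ignores any role header from the client. The header name X-Assigned-Role, the JSESSIONID cookie, the two sample accounts and the in-memory session store are assumptions made for this example; the page does not show how the real product transports roles.

```python
import secrets
from dataclasses import dataclass, field

# Constructed sample accounts; the real product's user store is not shown here.
USERS = {
    "alice": {"password": "alice-pw", "role": "developer"},
    "root": {"password": "root-pw", "role": "admin"},
}


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)
    body: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def _authenticate(req):
    """Password check shared by both consoles; returns the user record or None."""
    user = USERS.get(req.body.get("user", ""))
    if user is None:
        return None
    if not secrets.compare_digest(user["password"], req.body.get("password", "")):
        return None
    return user


class VulnerableConsole:
    """Hands the role to the client in a response header (assumed name), then
    trusts the role header the client sends back. Hypothetical, not RHDM code."""

    def login(self, req):
        user = _authenticate(req)
        if user is None:
            return Response(401)
        # The authorisation-relevant value leaves the server unprotected.
        return Response(200, headers={"X-Assigned-Role": user["role"]})

    def admin_settings(self, req):
        # BUG: the decision rests on a client-controlled header.
        if req.headers.get("X-Assigned-Role") == "admin":
            return Response(200, body="admin settings")
        return Response(403)


class HardenedConsole:
    """Keeps the role in a server-side session keyed by an opaque id and
    ignores any role header the client presents."""

    def __init__(self):
        self.sessions = {}

    def login(self, req):
        user = _authenticate(req)
        if user is None:
            return Response(401)
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": req.body["user"], "role": user["role"]}
        # Only an unguessable reference to server-side state goes to the client.
        return Response(200, headers={"Set-Cookie": f"JSESSIONID={sid}"})

    def admin_settings(self, req):
        sid = req.headers.get("Cookie", "").partition("JSESSIONID=")[2]
        session = self.sessions.get(sid)
        # The role is read from the session the server created, never from the request.
        if session is not None and session["role"] == "admin":
            return Response(200, body="admin settings")
        return Response(403)


def intercept_and_escalate(console):
    """Reproduce the report: log in as a developer, rewrite the role in the
    intercepted response to 'admin', replay it, and return the admin page's status."""
    login = console.login(Request("/login", body={"user": "alice", "password": "alice-pw"}))
    if login.status != 200:
        return login.status
    # The proxy edits the intercepted response before the client acts on it.
    tampered = dict(login.headers)
    if "X-Assigned-Role" in tampered:
        tampered["X-Assigned-Role"] = "admin"
    # The client sends on whatever state it was handed; the attacker also adds
    # the role header outright in case the server honours it anyway.
    replay = {"X-Assigned-Role": tampered.get("X-Assigned-Role", "admin")}
    if "Set-Cookie" in tampered:
        replay["Cookie"] = tampered["Set-Cookie"]
    return console.admin_settings(Request("/admin/settings", headers=replay)).status


def legitimate_admin(console):
    """Control case: a real admin must still get in after the fix."""
    login = console.login(Request("/login", body={"user": "root", "password": "root-pw"}))
    replay = dict(login.headers)
    if "Set-Cookie" in replay:
        replay["Cookie"] = replay.pop("Set-Cookie")
    return console.admin_settings(Request("/admin/settings", headers=replay)).status


if __name__ == "__main__":
    print("vulnerable:", intercept_and_escalate(VulnerableConsole()))  # 200
    print("hardened:  ", intercept_and_escalate(HardenedConsole()))    # 403
```

The fix is not "validate the header better": any value that decides authorisation must be resolved from state the server controls (a session entry, or a token the server signed and verifies) on every request. A stateless design can replace the session dictionary with an HMAC-signed role token, but the verification still has to happen server-side on each request.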

