Back to search
CVE-2020-14369
Published: Dec 2, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth.
| Vendor | Product | Versions |
|---|---|---|
n/a | CloudForms | affected cfme-gemset 5.11.8.1-1 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1871921
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now