CVE-2017-2632

A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges.

Published: 2018-07-27 19:29
Updated: 2018-09-27 12:22

CVSS Score: 4.0 / 10

| Vendor | Product | Version | URI |
|--------|---------|---------|-----|
| Redhat | Cloudforms | 4.2 | cpe:/a:redhat:cloudforms:4.2 |
| Redhat | Cloudforms Management Engine | 5.1 | cpe:/a:redhat:cloudforms_management_engine:5.1 |
| Redhat | Cloudforms Management Engine | 5.4.4 | cpe:/a:redhat:cloudforms_management_engine:5.4.4 |
| Redhat | Cloudforms Management Engine | 5.5.0 | cpe:/a:redhat:cloudforms_management_engine:5.5.0 |

CWE

| ID | Name | Description |
|----|------|-------------|
| CWE-285 | Improper Authorization | The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |

History of changes

Date Event
2018-09-27 12:22
2018-07-29 01:29
2018-07-27 19:29

New CVE