CVE-2017-2632

A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges.

Published: 2018-07-27 19:29
Updated: 2019-10-09 23:26

CVSS Score: 4.0 / 10
| Vendor | Product | Version | URI |
|---|---|---|---|
| Redhat | Cloudforms | 4.2 | cpe:/a:redhat:cloudforms:4.2 |
| Redhat | Cloudforms Management Engine | 5.1 | cpe:/a:redhat:cloudforms_management_engine:5.1 |
| Redhat | Cloudforms Management Engine | 5.4.4 | cpe:/a:redhat:cloudforms_management_engine:5.4.4 |
| Redhat | Cloudforms Management Engine | 5.5.0 | cpe:/a:redhat:cloudforms_management_engine:5.5.0 |
| Redhat | Cloudforms Management Engine | - | cpe:/a:redhat:cloudforms_management_engine:- |
| Redhat | Cloudforms Management Engine | 2.0 | cpe:/a:redhat:cloudforms_management_engine:2.0 |
| Redhat | Cloudforms Management Engine | 4.1 | cpe:/a:redhat:cloudforms_management_engine:4.1 |
| Redhat | Cloudforms Management Engine | 5.0 | cpe:/a:redhat:cloudforms_management_engine:5.0 |
| Redhat | Cloudforms Management Engine | 5.2 | cpe:/a:redhat:cloudforms_management_engine:5.2 |
| Redhat | Cloudforms Management Engine | 5.3 | cpe:/a:redhat:cloudforms_management_engine:5.3 |
| Redhat | Cloudforms Management Engine | 5.6 | cpe:/a:redhat:cloudforms_management_engine:5.6 |
| Redhat | Cloudforms Management Engine | 5.6.3 | cpe:/a:redhat:cloudforms_management_engine:5.6.3 |
| Redhat | Cloudforms Management Engine | 5.6.3.0 | cpe:/a:redhat:cloudforms_management_engine:5.6.3.0 |
| Redhat | Cloudforms Management Engine | 5.7 | cpe:/a:redhat:cloudforms_management_engine:5.7 |
| Redhat | Cloudforms Management Engine | 5.7.0 | cpe:/a:redhat:cloudforms_management_engine:5.7.0 |
| Redhat | Cloudforms Management Engine | 5.7.1 | cpe:/a:redhat:cloudforms_management_engine:5.7.1 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-863 | Incorrect Authorization | The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. |

History of changes

Date Event
2019-10-03 00:03
2018-09-27 12:22
2018-07-29 01:29
2018-07-27 19:29 New CVE