CVE-2020-14325
Last modified
CVE-2020-14325 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator.. EPSS estimates a 1.09% chance of exploitation in the next 30 days.
Description
Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Cloudforms | < 5.11.7.0 |
References
- https://access.redhat.com/security/cve/cve-2020-14325Mitigation, Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1855739Issue Tracking, Mitigation, Vendor Advisory
- https://access.redhat.com/security/cve/cve-2020-14325Mitigation, Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1855739Issue Tracking, Mitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-14325?
How severe is CVE-2020-14325?
How do I fix CVE-2020-14325?
Are you affected by CVE-2020-14325?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST