1. CVE-Search
  2. CVE-2017-2632
ID CVE-2017-2632
Summary A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:cloudforms_management_engine:-:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:-:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms_management_engine:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms_management_engine:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms_management_engine:4.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms_management_engine:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms_management_engine:5.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms_management_engine:5.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms_management_engine:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:5.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms_management_engine:5.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:5.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms_management_engine:5.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms_management_engine:5.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:5.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms_management_engine:5.6.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:5.6.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms_management_engine:5.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms_management_engine:5.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:5.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms_management_engine:5.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms_management_engine:5.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms:4.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:cloudforms:4.2:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 09-10-2019 - 23:26)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:N
redhat via4
advisories
rhsa
id RHSA-2017:0320
rpms
  • cfme-0:5.7.1.3-1.el7cf
  • cfme-appliance-0:5.7.1.3-1.el7cf
  • cfme-appliance-debuginfo-0:5.7.1.3-1.el7cf
  • cfme-debuginfo-0:5.7.1.3-1.el7cf
  • cfme-gemset-0:5.7.1.3-1.el7cf
refmap via4
bid 96478
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2632
Last major update 09-10-2019 - 23:26
Published 27-07-2018 - 19:29
Last modified 09-10-2019 - 23:26
Back to Top