{"containers": {"cna": {"affected": [{"product": "cfme", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-07-17T00:00:00", "descriptions": [{"lang": "en", "value": "CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-27T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10905"}, {"name": "RHSA-2018:2745", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2745"}, {"name": "RHSA-2018:2561", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2561"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-10905", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "cfme", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "[UNKNOWN]"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user."}]}, "impact": {"cvss": [[{"vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10905", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10905"}, {"name": "RHSA-2018:2745", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2745"}, {"name": "RHSA-2018:2561", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2561"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:54:36.246Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10905"}, {"name": "RHSA-2018:2745", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2745"}, {"name": "RHSA-2018:2561", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2561"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10905", "datePublished": "2018-07-24T13:00:00", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:54:36.246Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "32E1BA91-4695-4E64-A9D7-4A6CB6904D41", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "67F7263F-113D-4BAE-B8CB-86A61531A2AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cloudforms_management_engine:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "797195CF-CED6-4B72-878C-F7E987E9932F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:cloudforms_management_engine:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "AF039B5E-8906-4B26-A6FA-BBF500F6FABE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user."}, {"lang": "es", "value": "CloudForms Management Engine (cfme) es vulnerable a una opci\u00f3n de seguridad incorrecta en el componente dRuby de CloudForms. Un atacante con acceso a un shell local sin privilegios podr\u00eda emplear este error para ejecutar comandos como usuario con altos privilegios."}], "id": "CVE-2018-10905", "lastModified": "2024-11-21T03:42:16.323", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-24T13:29:00.447", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2561"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2745"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10905"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2561"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2745"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10905"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Stephen Gappinger (American Express) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2018:2745", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "ansible-tower-0:3.1.8-1.el7at", "product_name": "CloudForms Management Engine 5.8", "release_date": "2018-09-26T00:00:00Z"}, {"advisory": "RHSA-2018:2745", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "cfme-0:5.8.5.1-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2018-09-26T00:00:00Z"}, {"advisory": "RHSA-2018:2745", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "cfme-appliance-0:5.8.5.1-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2018-09-26T00:00:00Z"}, {"advisory": "RHSA-2018:2745", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "cfme-gemset-0:5.8.5.1-1.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2018-09-26T00:00:00Z"}, {"advisory": "RHSA-2018:2745", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.8::el7", "package": "rh-postgresql95-postgresql-pglogical-0:1.2.1-2.el7cf", "product_name": "CloudForms Management Engine 5.8", "release_date": "2018-09-26T00:00:00Z"}, {"advisory": "RHSA-2018:2561", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-0:5.9.4.7-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2561", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-amazon-smartstate-0:5.9.4.7-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2561", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-appliance-0:5.9.4.7-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2561", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-gemset-0:5.9.4.7-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2561", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-postgresql95-postgresql-pglogical-0:2.1.0-4.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2561", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-redhat_access_cfme-0:2.0.3-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-09-04T00:00:00Z"}], "bugzilla": {"description": "cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root", "id": "1602190", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602190"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-284", "details": ["CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.", "CloudForms Management Engine has a vulnerability that allows local users to execute arbitrary commands as root. An attacker with SSH access to the system can use the dRuby (DRb) module installed on the system to execute arbitrary shell commands using `instance_eval()`."], "mitigation": {"lang": "en:us", "value": "Administrators of the CloudForms appliance can filter local packages going to the port where MIQ Server is listening, by using the following iptables command:\n# iptables -I OUTPUT 1 -o lo -d localhost/32 -p tcp -m tcp --dport <MIQ Server port> -m owner '!' --uid-owner root -j DROP\nWhere the MIQ Server port can be found using netstat command:\n# netstat -nl --tcp -p | grep -i \"miq server\""}, "name": "CVE-2018-10905", "public_date": "2018-07-20T19:54:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-10905\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10905"], "threat_severity": "Important", "upstream_fix": "cfme 5.8.5.0, cfme 5.9.4.2"}