{"containers": {"cna": {"affected": [{"product": "CloudForms", "vendor": "n/a", "versions": [{"status": "affected", "version": "cfme 5.11.7.0"}]}], "descriptions": [{"lang": "en", "value": "Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator."}], "problemTypes": [{"descriptions": [{"description": "Improper Authorization", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-11T12:49:44", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855739"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2020-14325"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-14325", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CloudForms", "version": {"version_data": [{"version_value": "cfme 5.11.7.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1855739", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855739"}, {"name": "https://access.redhat.com/security/cve/cve-2020-14325", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2020-14325"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:39:36.480Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855739"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2020-14325"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-14325", "datePublished": "2020-08-11T12:49:44", "dateReserved": "2020-06-17T00:00:00", "dateUpdated": "2024-08-04T12:39:36.480Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms:*:*:*:*:*:*:*:*", "matchCriteriaId": "973CD398-5551-46DC-873D-374334918A4C", "versionEndExcluding": "5.11.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator."}, {"lang": "es", "value": "Red Hat CloudForms versiones anteriores a 5.11.7.0, era vulnerable a un fallo de autorizaci\u00f3n de Suplantaci\u00f3n de Usuario que permite a un atacante malicioso crear un usuario de control de acceso basado en roles existente y no existente, con grupos y roles. Con un grupo seleccionado de EvmGroup-super_administrator, un atacante puede llevar a cabo cualquier petici\u00f3n de la API como superadministrador"}], "id": "CVE-2020-14325", "lastModified": "2024-11-21T05:03:00.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-11T13:15:12.367", "references": [{"source": "secalert@redhat.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://access.redhat.com/security/cve/cve-2020-14325"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855739"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://access.redhat.com/security/cve/cve-2020-14325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855739"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Alberto Bellotti (Red Hat).", "affected_release": [{"advisory": "RHSA-2020:3574", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "impact": "critical", "package": "cfme-appliance-0:5.10.16.0-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2020-08-27T00:00:00Z"}, {"advisory": "RHSA-2020:3358", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "critical", "package": "cfme-0:5.11.7.3-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2020-08-06T00:00:00Z"}], "bugzilla": {"description": "CloudForms: User Impersonation in the API for OIDC and SAML", "id": "1855739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855739"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "status": "verified"}, "cwe": "CWE-285", "details": ["Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator.", "A vulnerability was found in Red Hat CloudForms which allows a malicious attacker to impersonate any user or create a non-existent user with any entitlement in the appliance and perform an API request."], "mitigation": {"lang": "en:us", "value": "Red Hat recommends upgrading to secured released versions, however, this flaw can be mitigated by unseting RequestHeader in http configuration. Mitigation steps would be:\n1. Stop httpd service\n$ systemctl stop httpd\n2. Add following additional unset at `/etc/httpd/conf.d/manageiq-remote-user-openidc.conf` and `/etc/httpd/conf.d/manageiq-remote-user.conf`, right before `X_REMOTE_USER` unset. \n~~~\nRequestHeader unset X-REMOTE-USER\nRequestHeader unset X-REMOTE_USER\nRequestHeader unset X_REMOTE-USER\n~~~\n3. Validate configuration files to make sure all syntax is valid\n$ apachectl configtest\n4. Restart httpd service\n$ systemctl start httpd"}, "name": "CVE-2020-14325", "public_date": "2020-08-03T13:30:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-14325\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14325\nhttps://github.com/ManageIQ/manageiq/security/advisories/GHSA-84f5-5g5v-g8vr"], "statement": "The vulnerability and related criticality depends on the product releases and protocols. \nIn CloudForms 5.11, attacker need to be authenticated through OIDC but SAML do not need any authentication for exploitation. However, for CloudForms 5.10, both SAML and OIDC protocols does not need authentication and attacker can impersonate users previously logged in.\nRed Hat does not support CloudForms 5.9 and earlier releases, however, confirms vulnerability affects SAML protocol but not OIDC.\nReference metrics: https://bugzilla.redhat.com/show_bug.cgi?id=1855739#c3", "threat_severity": "Critical"}