CVE-2020-14369: CSRF
First published: Mon Aug 24 2020(Updated: )
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Cloudforms | <=5.11 | |
| redhat/cfme-gemset 5.11.8.1 | <1 | 1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-14369?
CVE-2020-14369 is a Cross Site Request Forgery vulnerability found in Red Hat CloudForms.
What is the severity of CVE-2020-14369?
The severity of CVE-2020-14369 is medium with a CVSS score of 6.3.
How does CVE-2020-14369 affect Red Hat CloudForms?
CVE-2020-14369 forces end users to execute unwanted actions on a web application in which the user is currently authenticated.
How can an attacker exploit CVE-2020-14369?
An attacker can exploit CVE-2020-14369 by making a forgery HTTP request to the server by crafting a custom flash file.
How can I fix CVE-2020-14369?
To fix CVE-2020-14369, it is recommended to apply the released patch or update to a version of Red Hat CloudForms that is not affected.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-14369
- agent/software-canonical-lookup
- vendor/redhat
- canonical/redhat cloudforms
- version/redhat cloudforms/5.11
- package-manager/redhat