CVE-2020-10778
N/A
N/A
Summary
In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | CloudForms | 4.7 and 5 | affected |
Weaknesses
- Incorrect Authorization
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=1847628
- https://access.redhat.com/security/cve/cve-2020-10778
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1847628
- https://access.redhat.com/security/cve/cve-2020-10778
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.