CVE-2020-10778

Summary

In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.

Affected Software

VendorProductVersion RangeStatus
n/aCloudForms4.7 and 5affected

Weaknesses

  • Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

References