The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2017:1601 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2017:1758 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7497 | Issue Tracking Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2018-07-27T15:00:00
Updated: 2018-07-28T09:57:01
Reserved: 2017-04-05T00:00:00
Link: CVE-2017-7497
JSON object: View
NVD Information
Status : Modified
Published: 2018-07-27T15:29:00.517
Modified: 2023-02-12T23:30:13.870
Link: CVE-2017-7497
JSON object: View
Redhat Information
No data.