Red Hat CloudForms 4.7 and 5 were vulnerable to a Server-Side Request Forgery (SSRF) flaw. With access to add an Ansible Tower provider, an attacker could scan and attack systems on the internal network that are not normally accessible.
References
| Link | Resource |
|---|---|
| https://access.redhat.com/security/cve/cve-2020-14296 | Vendor Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=1847860 | Issue Tracking, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-08-11T13:14:57
Updated: 2020-08-11T13:14:57
Reserved: 2020-06-17T00:00:00
Link: CVE-2020-14296
NVD Information
Status: Analyzed
Published: 2020-08-11T14:15:11.460
Modified: 2020-08-12T18:54:14.230
Link: CVE-2020-14296
Redhat Information
No data.
CWE