This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2020-12-02T14:28:04
Updated: 2024-08-04T12:46:33.285Z
Reserved: 2020-06-17T00:00:00
Link: CVE-2020-14369
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-12-02T15:15:12.313
Modified: 2024-11-21T05:03:06.627
Link: CVE-2020-14369
Redhat