Release Notes

Red Hat CloudForms 5.0

Summary of new features, corrections, and known bugs for Red Hat CloudForms Management Engine 5.11

Red Hat CloudForms Documentation Team

Abstract

A summary of enhancements, known bugs, and support information for Red Hat CloudForms 5.0.
If you have a suggestion for improving this guide or have found an error, please submit a Bugzilla report at http://bugzilla.redhat.com against Red Hat CloudForms Management Engine for the Documentation component. Please provide specific details, such as the section number, guide name, and CloudForms version so we can easily locate the content.

Chapter 1. Introduction

Red Hat CloudForms Management Engine (CFME) delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve visibility and control, and those just starting virtualization deployments to build and operate a well-managed virtual infrastructure.

Red Hat CloudForms 5.0 is comprised of a single component, the CloudForms Management Engine. It has the following feature sets:

  • Insight: Discovery, Monitoring, Utilization, Performance, Reporting, Analytics, Chargeback, and Trending.
  • Control: Security, Compliance, Alerting, Policy-Based Resource and Configuration Management.
  • Automate: IT Process, Task and Event, Provisioning, Workload Management and Orchestration.
  • Integrate: Systems Management, Tools and Processes, Event Consoles, CMDB, RBA, and Web Services.

1.1. Getting Support

If you experience difficulty with a procedure described in this documentation, visit the Red Hat Customer Portal at http://access.redhat.com. Through the customer portal, you can:

  • Search or browse through a knowledgebase of technical support articles about Red Hat products
  • Submit a support case to Red Hat Global Support Services (GSS)
  • Access other product documentation

Red Hat also hosts a large number of electronic mailing lists for discussion of Red Hat software and technology. You can find a list of publicly available mailing lists at https://www.redhat.com/mailman/listinfo. Click on the name of any mailing list to subscribe to that list or to access the list archives.

1.2. Red Hat CloudForms Life Cycle

For an overview of the life cycle phases for Red Hat CloudForms and the status of support for this product, see Red Hat CloudForms Life Cycle.

Chapter 2. Migration Considerations

Note

If you want to migrate from a version prior to CloudForms 4.7 (CFME 5.10), you must first migrate to CloudForms 4.7 (CFME 5.10). You can migrate directly to CloudForms 5.0 (CFME 5.11) only from CloudForms 4.7 (CFME 5.10). See Migrating to Red Hat CloudForms 5.0 for more information.

2.1. Migrating to a New Appliance

If you are migrating from an existing appliance to a new one, the target appliance must be able to accommodate the new 12 Gb resource profile used by Red Hat CloudForms 5.0, even if the source appliance only uses 8 Gb.

2.2. Migrating on the same appliance

In-place upgrade to CloudForms 5.0 from previous versions is not supported.

Chapter 3. Technology Preview

The following enhancements are available with this release of Red Hat CloudForms as technology preview only.

Note

For more information on the support scope for features marked as technology previews, see Technology Preview Features Support Scope.

Alert Management
  • Red Hat CloudForms can receive alerts from Prometheus in OpenShift Container Platform
  • Alerts generated by Prometheus are visible in the Red Hat CloudForms user interface
  • Ability to assign alerts to a user and add notes
Integration with ServiceNow CMDB
You can integrate Red Hat CloudForms into ServiceNow to enable authentication with an existing ServiceNow database and add/amend items in the ServiceNow database during state machine processing, such as the virtual machine provisioning state machine.

Chapter 4. Enhancements

The following enhancements and new features are available with Red Hat CloudForms 5.0.

4.1. Ansible Automation

This CloudForms release improves Ansible Automation integration. Integration improvements include:

  • Support for Ansible Tower API v2 provider integration.
  • Automate designers or service authors can now pass variables between CloudForms and Ansible, as well as between successive playbook methods.
  • Support for running Ansible role affinity by zone.
  • Ansible Tower jobs can be used as Automate methods.
  • Two new Ansible roles are included in the CloudForms appliance:

    • manageiq-core.manageiq-automate
    • manageiq-core.manageiq-vmdb

4.2. User Experience (UX)

This CloudForms release contains a simplified and more consistent UI for a better user experience. Improvements include:

  • The Configuration menu for controlling global options in the CloudForms environment has been moved from the user settings menu. Configuration is now accessible from the gear icon at the top right corner of the UI.
  • Changes to the left navigation menu:

    • Cloud Intel has been renamed to Overview to provide a more accurate description.
    • Utilization has been moved under Overview.
  • Little-used menus removed:

    • RSS Feed and Timelines were deleted from the Cloud Intel menu. Timelines remain available from each object’s (for example, a cluster or VM’s) details page.
    • The Optimize menu has been deleted and its submenus (Bottleneck and Planning) removed.
  • User interface breadcrumbs have been made consistent throughout CloudForms for easier navigation between menus from the top of the UI.
  • Reorganized details screen for tenants (Configuration → Access Control → Tenants), which includes a Relationships table listing the Catalog Items and Bundles, Automate Domains, and Providers owned by the tenant.
  • A welcome page has been added to guide users on how to add a provider when no providers exist yet in CloudForms.
  • Reports based on tables are more interactive, with the ability to sort columns and search within columns.
  • The global and remote regions are now shown on the logging screen.
  • The About screen shows the Red Hat CloudForms version in addition to the Red Hat CloudForms Management Engine version.
  • The Red Hat CloudForms logo on the top left banner can now be replaced by a custom PNG image from the Configuration menu.
  • Compliance status and history are now visible at the provider level.

4.3. Scalability

This CloudForms release includes enhancements for multi-region support and for import and export. Improvements include:

  • The ability to import and export all CloudForms schedule items.
  • The ability to access and perform operations on virtual machines in a remote region from the global region.

4.4. Service Catalogs

This CloudForms release includes improvements to service catalogs including:

  • Service authors can now copy catalog items and catalog bundles.
  • Service authors can set a price per month and a currency for catalog items and bundles.
  • Catalog items can now be edited even when the provider template or image no longer exists.
  • The Lifecycle State status is now provided on the service details screen.

4.5. Tenancy

This CloudForms release includes the following enhancements to tenancy:

  • It is possible to control these operations for tenants using RBAC:

    • Add, edit, copy, and delete dialogs
    • Manage quota per tenant
  • It is possible to specify tenants for service availability during the service authoring workflow.

4.6. Automation

This CloudForms release includes the following enhancements to automation:

  • Scheduled Automate tasks can be executed in a specific zone.
  • Automate methods attached to dialogs can be executed in a specific zone.
  • Git Automate domains can be created via API.

4.7. Providers

VMware

This release of Red Hat CloudForms contains the following new features and enhancements for VMware providers:

  • It is possible to select Lazy Zero or Eager Zero disk formats.

Red Hat OpenStack

This release of Red Hat CloudForms contains the following new features and enhancements for Red Hat OpenStack providers:

  • A new dashboard is available for tenants.
  • Floating IPs are now available in Reporting.
  • It is possible to select an availability zone when creating a volume.
  • It is possible to assign multiple Advanced Message Queuing Protocol (AMQP) endpoints.
  • Orchestration stacks are now bound to tenants.
  • It is possible to select a port ID during instance provisioning.
  • It is possible to choose allocation pools, DNS nameservers and host routes when creating an OpenStack network.

Red Hat Virtualization

This release of Red Hat CloudForms contains the following new features and enhancements for Red Hat Virtualization providers:

  • VM disks cloned from templates now have the virtual machine name as a prefix instead of the template name.
  • Snapshot total size is now collected during inventory refresh.

Amazon EC2

This release of Red Hat CloudForms contains the following new features and enhancements for Amazon EC2 providers:

  • Memory usage metrics for AWS instances are now collected from the new CloudWatch agent for Windows and Linux.

4.8. Other Updates

  • In high availability environments, failover status is now reported in evm.log instead of ha_admin.log.
  • The ability to clone dashboards in the user interface to easily share dashboard views with users who do not have permissions to manage resources.
  • The Optimization feature added to the Overview menu provides access to dynamic reports. Reports include:

    • Host CPU Trends
    • Host Memory Trends
    • Offline VMs with Snapshot
    • Top CPU Consumers
    • Top Memory Consumers
    • VMs with Volume Free >= 75
  • The ability to import and export Generic Object class definitions and namespaces.
  • This version of the Red Hat CloudForms appliance has been updated to Red Hat Enterprise Linux 8.

Chapter 5. Known Issues

These known issues exist in this Red Hat CloudForms version at this time:

Chapter 6. Deprecated Functionality

The following are deprecated with Red Hat CloudForms 5.0 (CFME 5.11).

Deprecated support for Red Hat CloudForms appliances running on the following cloud providers:

  • Microsoft Azure
  • Google Compute Engine
  • Red Hat OpenShift Platform

Podified Red Hat CloudForms appliance builds (CloudForms running on OpenShift) are no longer provided.

Deprecated provider:

  • Google Compute Engine

No longer supported for Cloud Intelligence:

  • RSS Feed
  • Timelines

No longer supported for Optimization:

  • Bottleneck
  • Planning

Additional deprecations:

  • Load balancer inventory for all public providers

No longer supported for Automate:

  • OpenShift deployment

6.1. Deprecated Functionality in Next Major Version

The following will be deprecated with the next release of Red Hat CloudForms 5.1 (CFME 5.12):

  • The miq-LDAP module will be replaced by external authentication.

Chapter 7. Changes in the Core Set of Ruby Gems

Users of Red Hat CloudForms can construct custom automation methods in Ruby to extend the product. Red Hat CloudForms ships with a core set of Ruby gems used by the CloudForms Management Engine (CFME) Rails Application. The Ruby gems in this set are subject to change, and have changed since the previous release. If you are calling gems using Automate that are no longer in the CloudForms Management Engine Appliance, you can install them by using the gem install command.

While gems can be imported into automation methods using require, it is recommended that the authors of the automation methods clearly document the use of gems either in the core set or a custom set. It is the responsibility of the author of such custom automation to own the life cycle of any gem being referenced in those methods.

You can find a list of all gems included in the appliance in /var/www/miq/vmdb/log/gem_list.txt.

To get lists of all gems for different CloudForms Management Engine releases, see the following resource:

7.1. Red Hat CloudForms 5.0.0

This section outlines the changes to the core set of Ruby gems included in this release.

7.1.1. New Ruby Gems in Red Hat CloudForms 5.0.0

The following Ruby gems have been added:

Table 7.1. New Ruby Gems in Red Hat CloudForms 5.0.0

Ruby Gem                         Version in Red Hat CloudForms 5.0.0
-------------------------------  -----------------------------------
activerecord-virtual_attributes  1.4.0
aws-eventstream                  1.0.3
azure_mgmt_compute               0.18.3
azure_mgmt_monitor               0.17.1
azure_mgmt_network               0.18.2
azure_mgmt_resources             0.17.2
cfme-cloud_services              0.1.0 a219ddb
cfme-migration_analytics         0.1.0 ffe9830
dry-initializer                  3.0.1
erubi                            1.8.0
et-orbi                          1.2.2
fugit                            1.3.2
manageiq-decorators              0.1.0 bc4b6a3
manageiq-loggers                 0.3.0
manageiq-providers-azure_stack   0.1.0 263fa20
ms_rest                          0.7.4
ms_rest_azure                    0.11.0
pg-logical_replication           1.0.0
raabro                           1.1.6
sys-filesystem                   1.2.0
terminal                         2.0.0
timeliness                       0.3.10

7.1.2. Updated Ruby Gems in Red Hat CloudForms 5.0.0

The following Ruby gems have been updated:

Table 7.2. Updated Ruby Gems in Red Hat CloudForms 5.0.0

Ruby Gem                          Version in Red Hat CloudForms 5.0.0
--------------------------------  -----------------------------------
actioncable                       5.1.7
actionmailer                      5.1.7
actionpack                        5.1.7
actionview                        5.1.7
activejob                         5.1.7
activemodel                       5.1.7
activerecord                      5.1.7
activerecord-id_regions           0.3.0
activerecord-session_store        1.1.3
activesupport                     5.1.7
acts_as_tree                      2.9.0
ancestry                          3.0.7
arel                              8.0.0
autoprefixer-rails                9.6.1
aws-sigv4                         1.1.0
bootstrap-sass                    3.4.1
bundler                           1.16.1
concurrent-ruby                   1.1.5
domain_name                       0.5.20190701
dry-configurable                  0.8.3
dry-container                     0.7.2
dry-core                          0.4.9
dry-equalizer                     0.2.2
dry-logic                         1.0.2
dry-types                         1.1.1
dry-validation                    1.2.1
excon                             0.65.0
fast_gettext                      2.0.1
fog-google                        1.9.1
fog-openstack                     0.3.10
font-fabulous                     1.0.5
globalid                          0.4.2
graphql                           1.9.8
gssapi                            1.3.0
hashdiff                          0.4.0
inventory_refresh                 0.2.0
jbuilder                          2.9.1
jquery-rails                      4.3.5
linux_admin                       1.2.4
macaddr                           1.7.2
manageiq-api                      4.1.0 61e0b85
manageiq-appliance_console        5.0.2
manageiq-automation_engine        0.1.0 ab74dc5
manageiq-consumption              0.0.1 04bda84
manageiq-content                  0.1.0 a7fb518
manageiq-gems-pending             0.1.0 ca1c762
manageiq-graphql                  0.1.0 ef6880a
manageiq-messaging                0.1.5
manageiq-postgres_ha_admin        3.1.0
manageiq-providers-amazon         0.1.0 7c42730
manageiq-providers-ansible_tower  0.1.0 fef041c
manageiq-providers-azure          0.1.0 3ab42a0
manageiq-providers-foreman        0.1.0 52c28b7
manageiq-providers-google         0.1.0 a68a499
manageiq-providers-kubernetes     0.1.0 27f031e
manageiq-providers-kubevirt       0.0.1 6e0d673
manageiq-providers-lenovo         0.2.0 e113098
manageiq-providers-nuage          0.1.0 90adf28
manageiq-providers-openshift      0.1.0 94f7dfb
manageiq-providers-openstack      0.1.0 eb5184e
manageiq-providers-ovirt          0.1.0 d79c9c2
manageiq-providers-redfish        0.1.0 11925da
manageiq-providers-scvmm          0.1.0 8cd65ef
manageiq-providers-vmware         0.1.0 7086a83
manageiq-schema                   0.1.0 39775cd
manageiq-smartstate               0.3.1
manageiq-ui-classic               0.1.0 51b9763
manageiq-v2v                      0.0.1 7774764
mini_mime                         1.0.2
monetize                          1.9.2
money                             6.13.4
money-rails                       1.13.2
more_core_extensions              3.7.0
multipart-post                    2.1.1
optimist                          3.0.0
ovirt_metrics                     3.0.0
patternfly-sass                   3.59.3
pg-pglogical                      2.1.3
public_suffix                     3.1.1
rack                              2.0.7
rack-test                         1.1.0
rails                             5.1.7
rails-html-sanitizer              1.2.0
rails-i18n                        5.1.3
railties                          5.1.7
rake                              12.3.3
rbvmomi                           2.0.1
redfish_client                    0.5.1
responders                        2.4.1
ripper_ruby_parser                1.5.1
ruby-kafka                        0.7.10
rubyzip                           1.2.3
rufus-scheduler                   3.6.0
sexp_processor                    4.12.1
stomp                             1.4.8
temple                            0.8.1
vmware_web_service                0.4.4
websocket-extensions              0.1.4
winrm                             2.3.2
winrm-fs                          1.3.2
xclarity_client                   0.6.7

7.1.3. Removed Ruby Gems in Red Hat CloudForms 5.0.0

The following Ruby gems have been removed:

Table 7.3. Removed Ruby Gems in Red Hat CloudForms 5.0.0

Ruby Gem
--------------------
htauth
jquery-hotkeys-rails
open4
simple-rss
trollop

7.2. Red Hat CloudForms 5.0.1

This section outlines the changes to the core set of Ruby gems included in this release.

7.2.1. New Ruby Gems in Red Hat CloudForms 5.0.1

No Ruby gems were added to the appliance in Red Hat CloudForms 5.0.1.

7.2.2. Updated Ruby Gems in Red Hat CloudForms 5.0.1

The following Ruby gems have been updated:

Table 7.4. Updated Ruby Gems in Red Hat CloudForms 5.0.1

Ruby Gem                    Version in Red Hat CloudForms 5.0.1
--------------------------  -----------------------------------
manageiq-appliance_console  5.1.0
rubyzip                     1.3.0

7.2.3. Removed Ruby Gems in Red Hat CloudForms 5.0.1

No Ruby gems were removed from the appliance in Red Hat CloudForms 5.0.1.

7.3. Red Hat CloudForms 5.0.2

This section outlines the changes to the core set of Ruby gems included in this release.

7.3.1. New Ruby Gems in Red Hat CloudForms 5.0.2

No Ruby gems were added to the appliance in Red Hat CloudForms 5.0.2.

7.3.2. Updated Ruby Gems in Red Hat CloudForms 5.0.2

The following Ruby gems have been updated:

Table 7.5. Updated Ruby Gems in Red Hat CloudForms 5.0.2

Ruby Gem                    Version in Red Hat CloudForms 5.0.2
--------------------------  -----------------------------------
ansible_tower_client        0.20.2
linux_admin                 2.0.0
manageiq-appliance_console  5.3.0
manageiq-postgres_ha_admin  3.1.1
manageiq-smartstate         0.3.4
rubyzip                     2.0.0
winrm-fs                    1.3.4

7.3.3. Removed Ruby Gems in Red Hat CloudForms 5.0.2

No Ruby gems were removed from the appliance in Red Hat CloudForms 5.0.2.

7.4. Red Hat CloudForms 5.0.3

This section outlines the changes to the core set of Ruby gems included in this release.

7.4.1. New Ruby Gems in Red Hat CloudForms 5.0.3

No Ruby gems were added to the appliance in Red Hat CloudForms 5.0.3.

7.4.2. Updated Ruby Gems in Red Hat CloudForms 5.0.3

The following Ruby gems have been updated:

Table 7.6. Updated Ruby Gems in Red Hat CloudForms 5.0.3

Ruby Gem       Version in Red Hat CloudForms 5.0.3
-------------  -----------------------------------
awesome_spawn  1.5.0

7.4.3. Removed Ruby Gems in Red Hat CloudForms 5.0.3

No Ruby gems were removed from the appliance in Red Hat CloudForms 5.0.3.

Chapter 8. Technical Notes

This chapter contains the summary text for bug fixes and enhancements in Red Hat CloudForms errata advisories. The information and procedures in this chapter are relevant to Red Hat CloudForms administrators.

8.1. Red Hat CloudForms 5.0

8.1.1. RHBA-2019-4199: CloudForms 5.0 Bug fix and enhancement update

The bugs contained in this section are addressed by advisory RHBA-2019:4199. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2019:4199.html.

8.1.1.1. UP Ops

BZ#1689369

This update of Red Hat CloudForms displays ISO files in the dropdown menu for CD/DVD Drives for VMware providers.

BZ#1518613

Currently, the results of running a compliance policy on a provider can be accessed from the Policy menu but are not displayed in the inventory page for that provider. This issue will be resolved in a future update of Red Hat CloudForms.

BZ#1535215

This release of Red Hat CloudForms corrects an issue that previously required users to click twice to access the Automation simulator.

8.1.2. RHBA-2019-4200: CloudForms 5.0 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2019:4200. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2019:4200.html.

8.2. Red Hat CloudForms 5.0.1

8.2.1. RHSA-2019-4201: Moderate: CloudForms 5.0.1 Bug fix and enhancement update

The bugs contained in this section are addressed by advisory RHSA-2019:4201. Further information about this advisory is available at https://access.redhat.com/errata/RHSA-2019:4201.html.

8.2.1.1. Vulnerability

BZ#1771298

A vulnerability in Rubyzip versions prior to 1.3.0 allows a crafted ZIP file to bypass application checks on ZIP entry sizes. This allows an attacker to spoof the uncompressed size of the ZIP file, causing a denial of service through disk consumption. The highest threat from this vulnerability is to system availability.
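The two kinds of entry-size check the advisory contrasts, as an added Ruby example that is not part of these release notes or of the Rubyzip gem: it builds a single-entry ZIP local header with Ruby's standard zlib binding (no gem required), so the declared uncompressed size can be set independently of the real data, and compares an extractor that enforces its quota against that header field with one that counts the bytes zlib actually produces and requires them, and the CRC, to agree with the header. The header layout is the standard ZIP local file header; the 16 KiB chunk size is an assumption about the zlib binding's output buffer step.

```ruby
require "zlib"

LOCAL_HEADER_SIG = 0x04034b50   # "PK\x03\x04"
LOCAL_HEADER_LEN = 30           # fixed part of a ZIP local file header

# Constructed test data: one ZIP local file header followed by a raw deflate
# stream (no central directory, which the checks below do not need). The
# declared uncompressed size can be set independently of the real data length
# to mimic an archive whose header under-reports the entry size.
def build_local_entry(name, data, declared_uncompressed_size: data.bytesize)
  deflater = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
  compressed = deflater.deflate(data, Zlib::FINISH)
  deflater.close
  fields = [
    LOCAL_HEADER_SIG,
    20, 0, 8, 0, 0,             # version needed, flags, method 8 = deflate, time, date
    Zlib.crc32(data),
    compressed.bytesize,
    declared_uncompressed_size, # the field a crafted archive lies about
    name.bytesize, 0,           # file name length, extra field length
  ]
  fields.pack("VvvvvvVVVvv") + name.b + compressed
end

# Read the fields the extractor needs from the local file header.
def parse_local_header(bytes)
  sig, _ver, _flags, method, _time, _date, crc, csize, usize, nlen, xlen =
    bytes.unpack("VvvvvvVVVvv")
  raise "not a ZIP local file header" unless sig == LOCAL_HEADER_SIG
  raise "unsupported compression method #{method}" unless method == 8
  { crc: crc, compressed_size: csize, declared_size: usize,
    name: bytes.byteslice(LOCAL_HEADER_LEN, nlen),
    data_offset: LOCAL_HEADER_LEN + nlen + xlen }
end

# Vulnerable pattern, the class of check the advisory describes: the quota is
# enforced against the header's declared size and the whole stream is then
# inflated, so a header that under-reports the size passes the check.
def extract_trusting_header(bytes, max_bytes)
  h = parse_local_header(bytes)
  raise "entry too large" if h[:declared_size] > max_bytes
  Zlib::Inflate.new(-Zlib::MAX_WBITS)
               .inflate(bytes.byteslice(h[:data_offset], h[:compressed_size]))
end

# Hardened pattern: count the bytes zlib actually produces, abort as soon as
# the running total passes the quota (at most one zlib output buffer, assumed
# to be 16 KiB, is materialised beyond it), then require that the real size
# and CRC agree with the header before handing the data back.
def extract_with_actual_size_check(bytes, max_bytes)
  h = parse_local_header(bytes)
  raise "entry too large" if h[:declared_size] > max_bytes
  compressed = bytes.byteslice(h[:data_offset], h[:compressed_size])
  inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  out = String.new
  total = 0
  over_quota = ->(n) { raise "entry exceeds quota (#{n} > #{max_bytes} bytes)" }
  begin
    inflater.inflate(compressed) do |chunk|   # yields as the output buffer fills
      total += chunk.bytesize
      over_quota.call(total) if total > max_bytes
      out << chunk
    end
    tail = inflater.finish
    total += tail.bytesize
    over_quota.call(total) if total > max_bytes
    out << tail
  ensure
    inflater.close
  end
  if total != h[:declared_size]
    raise "actual size #{total} does not match declared size #{h[:declared_size]}"
  end
  raise "CRC mismatch for #{h[:name]}" unless Zlib.crc32(out) == h[:crc]
  out
end
```

With a 1 MB entry whose header claims 100 bytes, the first extractor accepts the entry under a 10 KB quota and writes the full megabyte; the second aborts on the first inflated chunk, and even with a generous quota rejects the entry because its real size does not match the header.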

8.2.2. RHBA-2019-4202: CloudForms 5.0.1 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2019:4202. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2019:4202.html.

8.3. Red Hat CloudForms 5.0.2

8.3.1. RHBA-2020-0452: CloudForms 5.0.2 Bug fix and enhancement update

The bugs contained in this section are addressed by advisory RHBA-2020:0452. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:0452.html.

8.3.2. RHBA-2020-0453: CloudForms 5.0.2 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2020:0453. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:0453.html.

8.4. Red Hat CloudForms 5.0.3

8.4.1. RHBA-2020-0590: CloudForms 5.0.3 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2020:0590. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:0590.html.

8.4.2. RHSA-2020-0588: Red Hat CloudForms 5.0.3 Security, Bug Fix and Enhancement Update

The bugs contained in this section are addressed by advisory RHSA-2020:0588. Further information about this advisory is available at https://access.redhat.com/errata/RHSA-2020:0588.html.

8.4.2.1. Vulnerability

BZ#1769411

A flaw was found in the CloudForms management engine that allowed remote code execution through the NFS scheduled backup feature. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root.

8.5. Red Hat CloudForms 5.0.4

8.5.1. RHBA-2020-0867: CloudForms 5.0.4 Bug fix and enhancement update

The bugs contained in this section are addressed by advisory RHBA-2020:0867. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:0867.html.

8.5.2. RHBA-2020-0868: CloudForms 5.0.4 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2020:0868. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:0868.html.

8.6. Red Hat CloudForms 5.0.5

8.6.1. RHBA-2020-2020: CloudForms 5.0.5 Bug fix and enhancement update

The bugs contained in this section are addressed by advisory RHBA-2020:2020. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:2020.html.

8.6.2. RHBA-2020-2021: CloudForms 5.0.5 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2020:2021. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:2021.html.

8.7. Red Hat CloudForms 5.0.6

8.7.1. RHBA-2020-2481: CloudForms 5.0.6 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2020:2481. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:2481.html.

8.7.2. RHSA-2020-2480: Red Hat CloudForms 5.0.6 Security, Bug Fix and Enhancement Update

The bugs contained in this section are addressed by advisory RHSA-2020:2480. Further information about this advisory is available at https://access.redhat.com/errata/RHSA-2020:2480.html.

8.8. Red Hat CloudForms 5.0.7

8.8.1. RHBA-2020-3359: CloudForms 5.0.7 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2020:3359. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:3359.html.

8.8.2. RHSA-2020-3358: Critical: CloudForms 5.0.7 Bug fix and enhancement update

The bugs contained in this section are addressed by advisory RHSA-2020:3358. Further information about this advisory is available at https://access.redhat.com/errata/RHSA-2020:3358.html.

8.8.2.1. Vulnerability

BZ#1855739

A vulnerability was found in Red Hat CloudForms that allows a malicious attacker to impersonate any user, or to create a non-existent user with any entitlement in the appliance, and perform API requests.

BZ#1847628

A business logic flaw was found in Red Hat CloudForms where the read-only values of widgets could be altered. An attacker with low privileges could bypass server-side validation by dropping the disabled attribute from the fields.

BZ#1847647

A flaw was found in Red Hat CloudForms where sensitive data could be leaked to other existing roles. An attacker with low privileges could make use of the EVM-Admin API if certain criteria are met, since there was no privilege check on the feature.

BZ#1847811

A role-based privilege escalation flaw was found in Red Hat CloudForms where export or import of administrator files was possible. An attacker in the EVM-Operator group could perform actions restricted to the system administrator.

BZ#1855713

An out-of-band OS command injection vulnerability was found in Red Hat CloudForms. An authenticated malicious attacker could execute arbitrary commands on the server by sending a specially crafted request. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

BZ#1847605

A flaw was found in the Report Menu of Red Hat CloudForms where the title field was not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack against an application administrator using CloudForms. Note that Content Security Policy (CSP) can prevent exploitation of this XSS; however, not all browsers support CSP.

BZ#1847794

A flaw was found in the Orchestration Template of Red Hat CloudForms where a low-privilege user could enter crafted CSV formulae. Successful exploitation would allow an attacker to execute arbitrary code with the privileges of the currently logged-in user of the system, causing serious damage to the victim’s system.

BZ#1847860

A Server-Side Request Forgery flaw was found in Red Hat CloudForms where malicious requests can be sent from the vulnerable server. An attacker with the privileges to add an Ansible Tower provider could inject URLs with port details or internal IPs to observe the internal network.