Chapter 8. Technical Notes

This chapter contains the summary text for bug fixes and enhancements in Red Hat CloudForms errata advisories. The information and procedures in this chapter are relevant to Red Hat CloudForms administrators.

8.1. Red Hat CloudForms 5.0

8.1.1. RHBA-2019-4199: CloudForms 5.0 Bug fix and enhancement update

The bugs contained in this section are addressed by advisory RHBA-2019:4199. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2019:4199.html.

8.1.1.1. UP Ops

BZ#1689369

This update of Red Hat CloudForms displays ISO files in the dropdown menu for CD/DVD Drives for VMware providers.

BZ#1518613

Currently, the results of running a compliance policy on a provider can be accessed from the 'Policy' menu, but they are not displayed in the inventory page for that provider. This issue will be resolved in a future update of Red Hat CloudForms.

BZ#1535215

This release of Red Hat CloudForms corrects an issue that previously required users to click twice to access the Automation simulator.

8.1.2. RHBA-2019-4200: CloudForms 5.0 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2019:4200. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2019:4200.html.

8.2. Red Hat CloudForms 5.0.1

8.2.1. RHSA-2019-4201: Moderate: CloudForms 5.0.1 Bug fix and enhancement update

The bugs contained in this section are addressed by advisory RHSA-2019:4201. Further information about this advisory is available at https://access.redhat.com/errata/RHSA-2019:4201.html.

8.2.1.1. Vulnerability

BZ#1771298

A vulnerability in Rubyzip, versions prior to 1.3.0, allows a crafted ZIP file to bypass application checks on ZIP entry sizes. This allows an attacker to spoof data regarding the uncompressed size of the ZIP file, causing a denial of service due to disk consumption. Availability of the system is the highest threat.
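The defensive pattern behind this fix is to treat the uncompressed size recorded in an archive header as a claim to verify, not a value to trust, and to stop inflating as soon as the bytes actually produced exceed either the declared size or a hard cap. The following is an added illustration of that check written against Ruby's standard Zlib library; it is not Rubyzip's or CloudForms' code, and the cap, the error class and the sample entries are constructed for the example.

```ruby
require 'zlib'

# Constructed per-entry cap for this example; size it for the real use case.
MAX_UNCOMPRESSED_BYTES = 1 * 1024 * 1024

class UncompressedSizeExceeded < StandardError; end

# Inflate a raw deflate/zlib stream while counting the bytes actually produced.
# declared_size is what the archive header claims for the entry; it is only an
# additional upper bound to verify against, never the buffer size to allocate.
def inflate_bounded(compressed, max_bytes: MAX_UNCOMPRESSED_BYTES, declared_size: nil)
  limit = declared_size ? [declared_size, max_bytes].min : max_bytes
  out = String.new(encoding: Encoding::BINARY)
  inflater = Zlib::Inflate.new
  begin
    # With a block, Zlib yields output chunk by chunk, so the check runs long
    # before a whole oversized entry has been materialised in memory or on disk.
    inflater.inflate(compressed) do |chunk|
      out << chunk
      if out.bytesize > limit
        raise UncompressedSizeExceeded,
              "entry inflated past #{limit} bytes" \
              "#{declared_size ? " (header declared #{declared_size})" : ''}"
      end
    end
  ensure
    inflater.close
  end
  out
end

# Predicate form: does the entry stay within the limits it claims?
def within_limit?(compressed, **opts)
  inflate_bounded(compressed, **opts)
  true
rescue UncompressedSizeExceeded
  false
end

# Constructed samples: a small benign entry, and a 4 MiB run of zeros that
# compresses to a few kilobytes while its (fake) header claims only 16 bytes.
BENIGN_ENTRY = Zlib::Deflate.deflate('config: value')
BOMB_ENTRY   = Zlib::Deflate.deflate("\0" * (4 * 1024 * 1024))
BOMB_DECLARED_SIZE = 16

if __FILE__ == $PROGRAM_NAME
  puts inflate_bounded(BENIGN_ENTRY, declared_size: 13)
  puts within_limit?(BOMB_ENTRY, declared_size: BOMB_DECLARED_SIZE)
end
```

The same idea applies when writing entries to disk: count bytes as they are written and abort on the first chunk that crosses the limit, rather than comparing sizes only after extraction has finished.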

8.2.2. RHBA-2019-4202: CloudForms 5.0.1 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2019:4202. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2019:4202.html.

8.3. Red Hat CloudForms 5.0.2

8.3.1. RHBA-2020-0452: CloudForms 5.0.2 Bug fix and enhancement update

The bugs contained in this section are addressed by advisory RHBA-2020:0452. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:0452.html.

8.3.2. RHBA-2020-0453: CloudForms 5.0.2 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2020:0453. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:0453.html.

8.4. Red Hat CloudForms 5.0.3

8.4.1. RHBA-2020-0590: CloudForms 5.0.3 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2020:0590. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:0590.html.

8.4.2. RHSA-2020-0588: Red Hat CloudForms 5.0.3 Security, Bug Fix and Enhancement Update

The bugs contained in this section are addressed by advisory RHSA-2020:0588. Further information about this advisory is available at https://access.redhat.com/errata/RHSA-2020:0588.html.

8.4.2.1. Vulnerability

BZ#1769411

A flaw was found in the CloudForms management engine, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root.

8.5. Red Hat CloudForms 5.0.4

8.5.1. RHBA-2020-0867: CloudForms 5.0.4 Bug fix and enhancement update

The bugs contained in this section are addressed by advisory RHBA-2020:0867. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:0867.html.

8.5.2. RHBA-2020-0868: CloudForms 5.0.4 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2020:0868. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:0868.html.

8.6. Red Hat CloudForms 5.0.5

8.6.1. RHBA-2020-2020: CloudForms 5.0.5 Bug fix and enhancement update

The bugs contained in this section are addressed by advisory RHBA-2020:2020. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:2020.html.

8.6.2. RHBA-2020-2021: CloudForms 5.0.5 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2020:2021. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:2021.html.

8.7. Red Hat CloudForms 5.0.6

8.7.1. RHBA-2020-2481: CloudForms 5.0.6 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2020:2481. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:2481.html.

8.7.2. RHSA-2020-2480: Red Hat CloudForms 5.0.6 Security, Bug Fix and Enhancement Update

The bugs contained in this section are addressed by advisory RHSA-2020:2480. Further information about this advisory is available at https://access.redhat.com/errata/RHSA-2020:2480.html.

8.8. Red Hat CloudForms 5.0.7

8.8.1. RHBA-2020-3359: CloudForms 5.0.7 Amazon EC2 SmartState Client Bug Fix Update

The bugs contained in this section are addressed by advisory RHBA-2020:3359. Further information about this advisory is available at https://access.redhat.com/errata/RHBA-2020:3359.html.

8.8.2. RHSA-2020-3358: Critical: CloudForms 5.0.7 Bug fix and enhancement update

The bugs contained in this section are addressed by advisory RHSA-2020:3358. Further information about this advisory is available at https://access.redhat.com/errata/RHSA-2020:3358.html.

8.8.2.1. Vulnerability

BZ#1855739

A vulnerability was found in Red Hat CloudForms which allows a malicious attacker to impersonate any user or create a non-existent user with any entitlement in the appliance and perform an API request.

BZ#1847628

A business logic flaw was found in Red Hat CloudForms where the read-only values of the Widgets could be altered. An attacker with low privileges could bypass server-side validation by dropping the disabled attribute from the fields.

BZ#1847647

A flaw was found in Red Hat CloudForms where sensitive data could be leaked to other existing roles. An attacker with low privileges could make use of the EVM-Admin API if certain criteria are met, since there was no privilege check on the feature.

BZ#1847811

A role-based privilege escalation flaw was found in Red Hat CloudForms where export or import of administrator files was possible. An attacker in the EVM-Operator group could perform actions restricted to system administrators.

BZ#1855713

An out-of-band OS command injection vulnerability was found in Red Hat CloudForms. An authenticated malicious attacker could execute arbitrary commands on the server by sending a specially crafted request. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
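Both BZ#1769411 (the NFS backup schedule) and BZ#1855713 are OS command injection: user-controlled text reaches a shell. The usual remediation is twofold: validate the input against a strict allowlist, and run the external program with an argument array so that no shell ever parses the value. The following added example shows the vulnerable and hardened shapes side by side in Ruby; it is not CloudForms code, and the NFS export-spec allowlist, the mount point and the sample inputs are constructed for illustration.

```ruby
require 'open3'

class UnsafeArgument < StandardError; end

# Constructed allowlist for an NFS export spec as entered for a backup
# schedule: "host:/absolute/path" using letters, digits, dot, dash,
# underscore and slash only. Spaces and shell metacharacters (; | & $ `)
# never match, so they are rejected before any command is built.
NFS_SPEC_RE = %r{\A[A-Za-z0-9.-]+:/[A-Za-z0-9._/-]*\z}

def validate_nfs_spec!(spec)
  unless spec.is_a?(String) && spec.match?(NFS_SPEC_RE)
    raise UnsafeArgument, "rejected NFS export spec #{spec.inspect}"
  end
  spec
end

def safe_nfs_spec?(spec)
  validate_nfs_spec!(spec)
  true
rescue UnsafeArgument
  false
end

# Vulnerable shape: the input is spliced into one command string. Passing a
# single string to system, backticks or Open3 hands it to /bin/sh, which
# honours every metacharacter the user supplied.
def backup_command_unsafe(spec)
  "mount -t nfs #{spec} /mnt/backup"
end

# Hardened shape: validate first, then build an argv array. Ruby executes a
# multi-element argv directly (no shell), so the spec is always one argument.
def backup_argv(spec)
  ['mount', '-t', 'nfs', validate_nfs_spec!(spec), '/mnt/backup']
end

def run_argv(argv)
  stdout, stderr, status = Open3.capture3(*argv)
  [stdout, stderr, status.success?]
end

if __FILE__ == $PROGRAM_NAME
  p backup_argv('nfs.example.com:/exports/cfme')
  p safe_nfs_spec?('nfs.example.com:/exports; echo injected')
  # Same bytes, two executions: the argv form keeps them as one argument.
  p run_argv(['echo', 'a; echo b']).first     # argv form, no shell
  p Open3.capture3('echo a; echo b').first    # string form, shell parses it
end
```

The allowlist is deliberately narrow; widening it to accept other hostname characters is a policy decision, but the argv form should stay regardless, because it removes the shell from the path even when validation is imperfect.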

BZ#1847605

A flaw was found in the Report Menu of Red Hat CloudForms where the title field was not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack against an application administrator using CloudForms. Note that Content Security Policy (CSP) can prevent exploitation of this XSS; however, not all browsers support CSP.

BZ#1847794

A flaw was found in the Orchestration Template feature of Red Hat CloudForms where a low-privilege user could enter crafted CSV formulae. Successful exploitation allows an attacker to execute arbitrary code with the privileges of the currently logged-in user of the system, causing serious damage to the victim's system.
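CSV formula injection works because spreadsheet applications evaluate a cell whose text begins with certain characters. The export side can neutralise this by prefixing such untrusted strings with a single quote so the spreadsheet keeps them as literal text. The following added example, written in Ruby with the standard CSV library, is not CloudForms code; the trigger list follows the commonly cited OWASP guidance, and the sample rows are constructed.

```ruby
require 'csv'

# Leading characters that make common spreadsheet applications treat a cell
# as a formula rather than text.
FORMULA_TRIGGERS = ['=', '+', '-', '@', "\t", "\r"].freeze

def formula_like?(value)
  value.is_a?(String) && FORMULA_TRIGGERS.any? { |t| value.start_with?(t) }
end

# Prefix a formula-looking string with a single quote so the spreadsheet keeps
# it as literal text. Non-string cells (numbers, nil) pass through untouched,
# which is why numeric columns should be exported as numbers, not strings:
# the String "-42" would otherwise be marked up as well.
def neutralize_cell(value)
  formula_like?(value) ? "'#{value}" : value
end

# Build a CSV document from rows of untrusted cells. CSV.generate handles the
# quoting of commas, quotes and newlines; neutralize_cell handles formulas.
def export_rows(rows)
  CSV.generate do |csv|
    rows.each { |row| csv << row.map { |cell| neutralize_cell(cell) } }
  end
end

# Constructed sample: a template listing where one name and one description
# were filled in by a low-privilege user.
SAMPLE_ROWS = [
  ['template', 'cpus', 'description'],
  ['web-tier', 2, 'nginx front end'],
  ['=1+1', -1, '@label, with a comma'],
].freeze

if __FILE__ == $PROGRAM_NAME
  puts export_rows(SAMPLE_ROWS)
end
```

Neutralising on export is the reliable place for this control, since the value can still be displayed unchanged in the web UI where it is harmless; input-side filtering alone tends to break legitimate values such as names starting with a dash.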

BZ#1847860

A Server-Side Request Forgery flaw was found in Red Hat CloudForms where malicious requests can be sent from the vulnerable server. An attacker with the privileges to add an Ansible Tower provider could inject URLs with port details or internal IP addresses to probe the internal network.
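The standard mitigation for this class of SSRF is to validate a provider endpoint before the server connects to it: restrict scheme and port, and reject any hostname or literal address that resolves into loopback, private, link-local or other internal ranges, including IPv4-mapped IPv6 forms. The following added example implements such a check in Ruby with the standard uri, ipaddr and resolv libraries; it is not CloudForms code. The scheme/port policy, the blocked ranges and the hostname table used by the tests are constructed, and the resolver is injectable so the check can run offline.

```ruby
require 'uri'
require 'ipaddr'
require 'resolv'

class UnsafeEndpoint < StandardError; end

# Constructed policy for this example: a provider endpoint must be HTTPS on 443.
ALLOWED_SCHEMES = %w[https].freeze
ALLOWED_PORTS   = [443].freeze

# Ranges an endpoint must never resolve to: unspecified, RFC 1918, shared
# address space, loopback, link-local, and their IPv6 counterparts.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) are compared as plain IPv4 so
# they cannot slip past the IPv4 ranges above.
def normalize(addr)
  addr.ipv4_mapped? ? addr.native : addr
end

def blocked?(addr)
  addr = normalize(addr)
  BLOCKED_RANGES.any? { |range| range.include?(addr) }
end

# resolver: a callable taking a hostname and returning address strings. The
# default uses DNS; tests inject a fixed table so the check runs offline.
def validate_provider_url!(url, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = URI.parse(url)
  raise UnsafeEndpoint, "scheme #{uri.scheme.inspect} not allowed" unless ALLOWED_SCHEMES.include?(uri.scheme)
  raise UnsafeEndpoint, "port #{uri.port} not allowed" unless ALLOWED_PORTS.include?(uri.port)
  host = uri.hostname    # strips the brackets of an IPv6 literal
  raise UnsafeEndpoint, 'missing host' if host.nil? || host.empty?

  addrs = begin
    [IPAddr.new(host)]                                   # literal IP address
  rescue IPAddr::InvalidAddressError
    resolver.call(host).map { |a| IPAddr.new(a) }       # hostname: every record counts
  end
  raise UnsafeEndpoint, "#{host} did not resolve" if addrs.empty?
  addrs.each do |addr|
    raise UnsafeEndpoint, "#{host} resolves to blocked address #{addr}" if blocked?(addr)
  end
  uri
rescue URI::InvalidURIError => e
  raise UnsafeEndpoint, "malformed URL: #{e.message}"
end

def safe_provider_url?(url, **opts)
  validate_provider_url!(url, **opts)
  true
rescue UnsafeEndpoint
  false
end

# Constructed hostname table standing in for DNS.
FAKE_DNS = {
  'tower.example.com' => ['203.0.113.10'],
  'intranet.corp'     => ['10.1.2.3'],
  'dual.example'      => ['203.0.113.20', '::ffff:192.168.1.5'],
}.freeze
FAKE_RESOLVER = ->(host) { FAKE_DNS.fetch(host, []) }

if __FILE__ == $PROGRAM_NAME
  %w[https://tower.example.com/api/v2/ https://intranet.corp/ https://[::1]/].each do |u|
    puts "#{u} -> #{safe_provider_url?(u, resolver: FAKE_RESOLVER)}"
  end
end
```

One caveat a practitioner should keep in mind: resolving the name at validation time and again at connection time leaves a window for DNS rebinding, so the address that passed the check should be the one the HTTP client actually connects to, and redirects from the provider should be re-validated with the same routine.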