CVE-2017-7497

Impact: Moderate
Public Date: 2017-05-08
CWE: CWE-284
Bugzilla: 1450150: CFME: Dialog for creating cloud volumes does not filter cloud tenants CVE-2017-7497

The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant.

Find out more about CVE-2017-7497 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 4.1
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity Impact: Low
Availability Impact: Low

Red Hat Security Errata

Platform                                   Errata          Release Date
CloudForms Management Engine 5.8 (cfme)    RHSA-2017:1758  2017-08-02
CloudForms Management Engine 5.7 (cfme)    RHSA-2017:1601  2017-06-28

Acknowledgements

This issue was discovered by Gellert Kis (Red Hat).