What is CVE-2017-15123?

CVE-2017-15123 is a medium-severity vulnerability in Redhat Cloudforms, classified under Missing Authentication for Critical Function. CVSS score: 5.3/10. Published 2019-06-12.

How severe is CVE-2017-15123?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Auth bypass in Redhat Cloudforms

CVE-2017-15123

A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudFor…

Vulnerability class: Broken Authentication

EPSS: 0.002 (46.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Redhat Cloudforms — versions 5.8 - 5.10

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
108690 (vdb-entry, x_refsource_BID)
hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2017-15123?: CVE-2017-15123 is a medium-severity vulnerability in Redhat Cloudforms, classified under Missing Authentication for Critical Function. CVSS score: 5.3/10. Published 2019-06-12.
How severe is CVE-2017-15123?: Medium severity. CVSS v3 base score is 5.3 out of 10.