rhsa-2017_0320
Vulnerability from csaf_redhat
Published
2017-02-27 19:13
Modified
2024-11-05 19:54
Summary
Red Hat Security Advisory: CFME 5.7.1 bug fixes and enhancement update

Notes

Topic
Updated cfme packages that fix bugs and add various enhancements are now available for Red Hat CloudForms 4.2.
Details
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view controller (MVC) framework for web application development. Action Pack implements the controller and the view components. This update fixes various bugs and adds several enhancements. Documentation for these changes is available in the Release Notes linked to in the References section. Security Fix(es): * A logic error in valid_role() in CloudForms role validation could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges. (CVE-2017-2632) This issue was discovered by Matouš Mojžíš (Red Hat). All CFME users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated cfme packages that fix bugs and add various enhancements\nare now available for Red Hat CloudForms 4.2.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view controller (MVC) framework for web application development. Action Pack implements the controller and the view components.\n\nThis update fixes various bugs and adds several enhancements. Documentation for these changes is available in the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* A logic error in valid_role() in CloudForms role validation could allow a\ntenant administrator to create groups with a higher privilege level than\nthe tenant administrator should have. This would allow an attacker with\ntenant administration access to elevate privileges. (CVE-2017-2632)\n\nThis issue was discovered by Matou\u0161 Moj\u017e\u00ed\u0161 (Red Hat).\n\nAll CFME users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2017:0320",
        "url": "https://access.redhat.com/errata/RHSA-2017:0320"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1382768",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1382768"
      },
      {
        "category": "external",
        "summary": "1390729",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390729"
      },
      {
        "category": "external",
        "summary": "1390731",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390731"
      },
      {
        "category": "external",
        "summary": "1391748",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391748"
      },
      {
        "category": "external",
        "summary": "1391750",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391750"
      },
      {
        "category": "external",
        "summary": "1391757",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391757"
      },
      {
        "category": "external",
        "summary": "1394331",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394331"
      },
      {
        "category": "external",
        "summary": "1394339",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394339"
      },
      {
        "category": "external",
        "summary": "1394341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394341"
      },
      {
        "category": "external",
        "summary": "1394844",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394844"
      },
      {
        "category": "external",
        "summary": "1395304",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395304"
      },
      {
        "category": "external",
        "summary": "1395839",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395839"
      },
      {
        "category": "external",
        "summary": "1395840",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395840"
      },
      {
        "category": "external",
        "summary": "1395857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395857"
      },
      {
        "category": "external",
        "summary": "1395898",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395898"
      },
      {
        "category": "external",
        "summary": "1396222",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396222"
      },
      {
        "category": "external",
        "summary": "1396238",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396238"
      },
      {
        "category": "external",
        "summary": "1396239",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396239"
      },
      {
        "category": "external",
        "summary": "1396240",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396240"
      },
      {
        "category": "external",
        "summary": "1396241",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396241"
      },
      {
        "category": "external",
        "summary": "1396243",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396243"
      },
      {
        "category": "external",
        "summary": "1396575",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396575"
      },
      {
        "category": "external",
        "summary": "1396576",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396576"
      },
      {
        "category": "external",
        "summary": "1396577",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396577"
      },
      {
        "category": "external",
        "summary": "1396580",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1396580"
      },
      {
        "category": "external",
        "summary": "1397151",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397151"
      },
      {
        "category": "external",
        "summary": "1397154",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397154"
      },
      {
        "category": "external",
        "summary": "1397157",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397157"
      },
      {
        "category": "external",
        "summary": "1397158",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397158"
      },
      {
        "category": "external",
        "summary": "1397159",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397159"
      },
      {
        "category": "external",
        "summary": "1397248",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397248"
      },
      {
        "category": "external",
        "summary": "1397416",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397416"
      },
      {
        "category": "external",
        "summary": "1397509",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397509"
      },
      {
        "category": "external",
        "summary": "1397532",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397532"
      },
      {
        "category": "external",
        "summary": "1397874",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397874"
      },
      {
        "category": "external",
        "summary": "1399207",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399207"
      },
      {
        "category": "external",
        "summary": "1399208",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399208"
      },
      {
        "category": "external",
        "summary": "1399209",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399209"
      },
      {
        "category": "external",
        "summary": "1399211",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399211"
      },
      {
        "category": "external",
        "summary": "1399214",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399214"
      },
      {
        "category": "external",
        "summary": "1399216",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399216"
      },
      {
        "category": "external",
        "summary": "1399221",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399221"
      },
      {
        "category": "external",
        "summary": "1399669",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399669"
      },
      {
        "category": "external",
        "summary": "1399677",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399677"
      },
      {
        "category": "external",
        "summary": "1399679",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1399679"
      },
      {
        "category": "external",
        "summary": "1400202",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400202"
      },
      {
        "category": "external",
        "summary": "1400204",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400204"
      },
      {
        "category": "external",
        "summary": "1400212",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400212"
      },
      {
        "category": "external",
        "summary": "1400303",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400303"
      },
      {
        "category": "external",
        "summary": "1400616",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400616"
      },
      {
        "category": "external",
        "summary": "1400704",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400704"
      },
      {
        "category": "external",
        "summary": "1401017",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401017"
      },
      {
        "category": "external",
        "summary": "1401018",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401018"
      },
      {
        "category": "external",
        "summary": "1401030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401030"
      },
      {
        "category": "external",
        "summary": "1401044",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401044"
      },
      {
        "category": "external",
        "summary": "1401103",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401103"
      },
      {
        "category": "external",
        "summary": "1401935",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401935"
      },
      {
        "category": "external",
        "summary": "1401956",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401956"
      },
      {
        "category": "external",
        "summary": "1401957",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401957"
      },
      {
        "category": "external",
        "summary": "1402118",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402118"
      },
      {
        "category": "external",
        "summary": "1402138",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402138"
      },
      {
        "category": "external",
        "summary": "1402139",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402139"
      },
      {
        "category": "external",
        "summary": "1402162",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402162"
      },
      {
        "category": "external",
        "summary": "1402524",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402524"
      },
      {
        "category": "external",
        "summary": "1402526",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402526"
      },
      {
        "category": "external",
        "summary": "1402527",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402527"
      },
      {
        "category": "external",
        "summary": "1402528",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402528"
      },
      {
        "category": "external",
        "summary": "1402529",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402529"
      },
      {
        "category": "external",
        "summary": "1403011",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403011"
      },
      {
        "category": "external",
        "summary": "1403019",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403019"
      },
      {
        "category": "external",
        "summary": "1403981",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403981"
      },
      {
        "category": "external",
        "summary": "1403983",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403983"
      },
      {
        "category": "external",
        "summary": "1404316",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404316"
      },
      {
        "category": "external",
        "summary": "1404365",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404365"
      },
      {
        "category": "external",
        "summary": "1404427",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404427"
      },
      {
        "category": "external",
        "summary": "1404431",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404431"
      },
      {
        "category": "external",
        "summary": "1404447",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404447"
      },
      {
        "category": "external",
        "summary": "1404454",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404454"
      },
      {
        "category": "external",
        "summary": "1404526",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404526"
      },
      {
        "category": "external",
        "summary": "1404669",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404669"
      },
      {
        "category": "external",
        "summary": "1404746",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404746"
      },
      {
        "category": "external",
        "summary": "1404825",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404825"
      },
      {
        "category": "external",
        "summary": "1404827",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404827"
      },
      {
        "category": "external",
        "summary": "1405193",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1405193"
      },
      {
        "category": "external",
        "summary": "1405197",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1405197"
      },
      {
        "category": "external",
        "summary": "1405200",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1405200"
      },
      {
        "category": "external",
        "summary": "1405201",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1405201"
      },
      {
        "category": "external",
        "summary": "1405640",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1405640"
      },
      {
        "category": "external",
        "summary": "1405641",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1405641"
      },
      {
        "category": "external",
        "summary": "1406160",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406160"
      },
      {
        "category": "external",
        "summary": "1406161",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406161"
      },
      {
        "category": "external",
        "summary": "1406163",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406163"
      },
      {
        "category": "external",
        "summary": "1406167",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406167"
      },
      {
        "category": "external",
        "summary": "1406434",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406434"
      },
      {
        "category": "external",
        "summary": "1406798",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406798"
      },
      {
        "category": "external",
        "summary": "1408278",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408278"
      },
      {
        "category": "external",
        "summary": "1410516",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410516"
      },
      {
        "category": "external",
        "summary": "1410535",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410535"
      },
      {
        "category": "external",
        "summary": "1410587",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410587"
      },
      {
        "category": "external",
        "summary": "1410588",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410588"
      },
      {
        "category": "external",
        "summary": "1410791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410791"
      },
      {
        "category": "external",
        "summary": "1410817",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410817"
      },
      {
        "category": "external",
        "summary": "1410818",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410818"
      },
      {
        "category": "external",
        "summary": "1410819",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410819"
      },
      {
        "category": "external",
        "summary": "1410828",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410828"
      },
      {
        "category": "external",
        "summary": "1410831",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410831"
      },
      {
        "category": "external",
        "summary": "1410844",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410844"
      },
      {
        "category": "external",
        "summary": "1410845",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410845"
      },
      {
        "category": "external",
        "summary": "1410846",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410846"
      },
      {
        "category": "external",
        "summary": "1410851",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410851"
      },
      {
        "category": "external",
        "summary": "1410927",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410927"
      },
      {
        "category": "external",
        "summary": "1411350",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411350"
      },
      {
        "category": "external",
        "summary": "1411351",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411351"
      },
      {
        "category": "external",
        "summary": "1411353",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411353"
      },
      {
        "category": "external",
        "summary": "1411357",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411357"
      },
      {
        "category": "external",
        "summary": "1411358",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411358"
      },
      {
        "category": "external",
        "summary": "1411359",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411359"
      },
      {
        "category": "external",
        "summary": "1411362",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411362"
      },
      {
        "category": "external",
        "summary": "1411364",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411364"
      },
      {
        "category": "external",
        "summary": "1411368",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411368"
      },
      {
        "category": "external",
        "summary": "1411369",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411369"
      },
      {
        "category": "external",
        "summary": "1411370",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411370"
      },
      {
        "category": "external",
        "summary": "1411372",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411372"
      },
      {
        "category": "external",
        "summary": "1411373",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411373"
      },
      {
        "category": "external",
        "summary": "1411433",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411433"
      },
      {
        "category": "external",
        "summary": "1411459",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411459"
      },
      {
        "category": "external",
        "summary": "1411461",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411461"
      },
      {
        "category": "external",
        "summary": "1411463",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411463"
      },
      {
        "category": "external",
        "summary": "1411466",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411466"
      },
      {
        "category": "external",
        "summary": "1411471",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411471"
      },
      {
        "category": "external",
        "summary": "1411473",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411473"
      },
      {
        "category": "external",
        "summary": "1411478",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411478"
      },
      {
        "category": "external",
        "summary": "1411507",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411507"
      },
      {
        "category": "external",
        "summary": "1411509",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411509"
      },
      {
        "category": "external",
        "summary": "1411511",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411511"
      },
      {
        "category": "external",
        "summary": "1411514",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411514"
      },
      {
        "category": "external",
        "summary": "1411516",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411516"
      },
      {
        "category": "external",
        "summary": "1411517",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411517"
      },
      {
        "category": "external",
        "summary": "1411518",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411518"
      },
      {
        "category": "external",
        "summary": "1411519",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411519"
      },
      {
        "category": "external",
        "summary": "1411791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411791"
      },
      {
        "category": "external",
        "summary": "1411793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411793"
      },
      {
        "category": "external",
        "summary": "1411797",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411797"
      },
      {
        "category": "external",
        "summary": "1411878",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411878"
      },
      {
        "category": "external",
        "summary": "1411880",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411880"
      },
      {
        "category": "external",
        "summary": "1411881",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411881"
      },
      {
        "category": "external",
        "summary": "1411882",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411882"
      },
      {
        "category": "external",
        "summary": "1411885",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411885"
      },
      {
        "category": "external",
        "summary": "1411941",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411941"
      },
      {
        "category": "external",
        "summary": "1411973",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411973"
      },
      {
        "category": "external",
        "summary": "1411975",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411975"
      },
      {
        "category": "external",
        "summary": "1411982",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411982"
      },
      {
        "category": "external",
        "summary": "1412206",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412206"
      },
      {
        "category": "external",
        "summary": "1412221",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412221"
      },
      {
        "category": "external",
        "summary": "1412279",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412279"
      },
      {
        "category": "external",
        "summary": "1412280",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412280"
      },
      {
        "category": "external",
        "summary": "1412283",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412283"
      },
      {
        "category": "external",
        "summary": "1412284",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412284"
      },
      {
        "category": "external",
        "summary": "1412285",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412285"
      },
      {
        "category": "external",
        "summary": "1412286",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412286"
      },
      {
        "category": "external",
        "summary": "1412287",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412287"
      },
      {
        "category": "external",
        "summary": "1412288",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412288"
      },
      {
        "category": "external",
        "summary": "1412289",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412289"
      },
      {
        "category": "external",
        "summary": "1412290",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412290"
      },
      {
        "category": "external",
        "summary": "1412291",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412291"
      },
      {
        "category": "external",
        "summary": "1412293",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412293"
      },
      {
        "category": "external",
        "summary": "1412312",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412312"
      },
      {
        "category": "external",
        "summary": "1412314",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412314"
      },
      {
        "category": "external",
        "summary": "1412315",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412315"
      },
      {
        "category": "external",
        "summary": "1412316",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412316"
      },
      {
        "category": "external",
        "summary": "1412383",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412383"
      },
      {
        "category": "external",
        "summary": "1412396",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412396"
      },
      {
        "category": "external",
        "summary": "1412682",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412682"
      },
      {
        "category": "external",
        "summary": "1412738",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412738"
      },
      {
        "category": "external",
        "summary": "1412740",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412740"
      },
      {
        "category": "external",
        "summary": "1412825",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412825"
      },
      {
        "category": "external",
        "summary": "1413086",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413086"
      },
      {
        "category": "external",
        "summary": "1413103",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413103"
      },
      {
        "category": "external",
        "summary": "1413113",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413113"
      },
      {
        "category": "external",
        "summary": "1413119",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413119"
      },
      {
        "category": "external",
        "summary": "1413123",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413123"
      },
      {
        "category": "external",
        "summary": "1413154",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413154"
      },
      {
        "category": "external",
        "summary": "1413167",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413167"
      },
      {
        "category": "external",
        "summary": "1413205",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413205"
      },
      {
        "category": "external",
        "summary": "1413207",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413207"
      },
      {
        "category": "external",
        "summary": "1413210",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413210"
      },
      {
        "category": "external",
        "summary": "1413212",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413212"
      },
      {
        "category": "external",
        "summary": "1413621",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413621"
      },
      {
        "category": "external",
        "summary": "1413677",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413677"
      },
      {
        "category": "external",
        "summary": "1413695",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413695"
      },
      {
        "category": "external",
        "summary": "1413769",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413769"
      },
      {
        "category": "external",
        "summary": "1414012",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414012"
      },
      {
        "category": "external",
        "summary": "1414013",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414013"
      },
      {
        "category": "external",
        "summary": "1414014",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414014"
      },
      {
        "category": "external",
        "summary": "1414015",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414015"
      },
      {
        "category": "external",
        "summary": "1414550",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414550"
      },
      {
        "category": "external",
        "summary": "1414583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414583"
      },
      {
        "category": "external",
        "summary": "1414848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414848"
      },
      {
        "category": "external",
        "summary": "1414870",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414870"
      },
      {
        "category": "external",
        "summary": "1414872",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414872"
      },
      {
        "category": "external",
        "summary": "1414876",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414876"
      },
      {
        "category": "external",
        "summary": "1414882",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414882"
      },
      {
        "category": "external",
        "summary": "1414884",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414884"
      },
      {
        "category": "external",
        "summary": "1414885",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414885"
      },
      {
        "category": "external",
        "summary": "1414886",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414886"
      },
      {
        "category": "external",
        "summary": "1414887",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414887"
      },
      {
        "category": "external",
        "summary": "1414888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414888"
      },
      {
        "category": "external",
        "summary": "1414889",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414889"
      },
      {
        "category": "external",
        "summary": "1414891",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414891"
      },
      {
        "category": "external",
        "summary": "1415217",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1415217"
      },
      {
        "category": "external",
        "summary": "1415247",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1415247"
      },
      {
        "category": "external",
        "summary": "1415248",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1415248"
      },
      {
        "category": "external",
        "summary": "1415332",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1415332"
      },
      {
        "category": "external",
        "summary": "1415333",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1415333"
      },
      {
        "category": "external",
        "summary": "1415754",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1415754"
      },
      {
        "category": "external",
        "summary": "1415755",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1415755"
      },
      {
        "category": "external",
        "summary": "1415756",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1415756"
      },
      {
        "category": "external",
        "summary": "1416001",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416001"
      },
      {
        "category": "external",
        "summary": "1416077",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416077"
      },
      {
        "category": "external",
        "summary": "1416093",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416093"
      },
      {
        "category": "external",
        "summary": "1416821",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416821"
      },
      {
        "category": "external",
        "summary": "1416826",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416826"
      },
      {
        "category": "external",
        "summary": "1417197",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417197"
      },
      {
        "category": "external",
        "summary": "1417974",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417974"
      },
      {
        "category": "external",
        "summary": "1418400",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418400"
      },
      {
        "category": "external",
        "summary": "1418749",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418749"
      },
      {
        "category": "external",
        "summary": "1418846",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418846"
      },
      {
        "category": "external",
        "summary": "1419186",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419186"
      },
      {
        "category": "external",
        "summary": "1419680",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419680"
      },
      {
        "category": "external",
        "summary": "1419738",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419738"
      },
      {
        "category": "external",
        "summary": "1420555",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420555"
      },
      {
        "category": "external",
        "summary": "1420888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420888"
      },
      {
        "category": "external",
        "summary": "1420916",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420916"
      },
      {
        "category": "external",
        "summary": "1420917",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420917"
      },
      {
        "category": "external",
        "summary": "1422178",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422178"
      },
      {
        "category": "external",
        "summary": "1422241",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422241"
      },
      {
        "category": "external",
        "summary": "1423031",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1423031"
      },
      {
        "category": "external",
        "summary": "1423033",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1423033"
      },
      {
        "category": "external",
        "summary": "1424260",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1424260"
      },
      {
        "category": "external",
        "summary": "1424275",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1424275"
      },
      {
        "category": "external",
        "summary": "1424977",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1424977"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0320.json"
      }
    ],
    "title": "Red Hat Security Advisory: CFME 5.7.1 bug fixes and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-05T19:54:40+00:00",
      "generator": {
        "date": "2024-11-05T19:54:40+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2017:0320",
      "initial_release_date": "2017-02-27T19:13:26+00:00",
      "revision_history": [
        {
          "date": "2017-02-27T19:13:26+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2017-02-27T19:13:26+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T19:54:40+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "CloudForms Management Engine 5.7",
                "product": {
                  "name": "CloudForms Management Engine 5.7",
                  "product_id": "7Server-RH7-CFME-5.7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.7::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat CloudForms"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cfme-appliance-0:5.7.1.3-1.el7cf.x86_64",
                "product": {
                  "name": "cfme-appliance-0:5.7.1.3-1.el7cf.x86_64",
                  "product_id": "cfme-appliance-0:5.7.1.3-1.el7cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-appliance@5.7.1.3-1.el7cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-appliance-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
                "product": {
                  "name": "cfme-appliance-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
                  "product_id": "cfme-appliance-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-appliance-debuginfo@5.7.1.3-1.el7cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-gemset-0:5.7.1.3-1.el7cf.x86_64",
                "product": {
                  "name": "cfme-gemset-0:5.7.1.3-1.el7cf.x86_64",
                  "product_id": "cfme-gemset-0:5.7.1.3-1.el7cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-gemset@5.7.1.3-1.el7cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-0:5.7.1.3-1.el7cf.x86_64",
                "product": {
                  "name": "cfme-0:5.7.1.3-1.el7cf.x86_64",
                  "product_id": "cfme-0:5.7.1.3-1.el7cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme@5.7.1.3-1.el7cf?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
                "product": {
                  "name": "cfme-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
                  "product_id": "cfme-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-debuginfo@5.7.1.3-1.el7cf?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cfme-appliance-0:5.7.1.3-1.el7cf.src",
                "product": {
                  "name": "cfme-appliance-0:5.7.1.3-1.el7cf.src",
                  "product_id": "cfme-appliance-0:5.7.1.3-1.el7cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-appliance@5.7.1.3-1.el7cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-gemset-0:5.7.1.3-1.el7cf.src",
                "product": {
                  "name": "cfme-gemset-0:5.7.1.3-1.el7cf.src",
                  "product_id": "cfme-gemset-0:5.7.1.3-1.el7cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme-gemset@5.7.1.3-1.el7cf?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cfme-0:5.7.1.3-1.el7cf.src",
                "product": {
                  "name": "cfme-0:5.7.1.3-1.el7cf.src",
                  "product_id": "cfme-0:5.7.1.3-1.el7cf.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cfme@5.7.1.3-1.el7cf?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-0:5.7.1.3-1.el7cf.src as a component of CloudForms Management Engine 5.7",
          "product_id": "7Server-RH7-CFME-5.7:cfme-0:5.7.1.3-1.el7cf.src"
        },
        "product_reference": "cfme-0:5.7.1.3-1.el7cf.src",
        "relates_to_product_reference": "7Server-RH7-CFME-5.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-0:5.7.1.3-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.7",
          "product_id": "7Server-RH7-CFME-5.7:cfme-0:5.7.1.3-1.el7cf.x86_64"
        },
        "product_reference": "cfme-0:5.7.1.3-1.el7cf.x86_64",
        "relates_to_product_reference": "7Server-RH7-CFME-5.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-appliance-0:5.7.1.3-1.el7cf.src as a component of CloudForms Management Engine 5.7",
          "product_id": "7Server-RH7-CFME-5.7:cfme-appliance-0:5.7.1.3-1.el7cf.src"
        },
        "product_reference": "cfme-appliance-0:5.7.1.3-1.el7cf.src",
        "relates_to_product_reference": "7Server-RH7-CFME-5.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-appliance-0:5.7.1.3-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.7",
          "product_id": "7Server-RH7-CFME-5.7:cfme-appliance-0:5.7.1.3-1.el7cf.x86_64"
        },
        "product_reference": "cfme-appliance-0:5.7.1.3-1.el7cf.x86_64",
        "relates_to_product_reference": "7Server-RH7-CFME-5.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-appliance-debuginfo-0:5.7.1.3-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.7",
          "product_id": "7Server-RH7-CFME-5.7:cfme-appliance-debuginfo-0:5.7.1.3-1.el7cf.x86_64"
        },
        "product_reference": "cfme-appliance-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
        "relates_to_product_reference": "7Server-RH7-CFME-5.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-debuginfo-0:5.7.1.3-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.7",
          "product_id": "7Server-RH7-CFME-5.7:cfme-debuginfo-0:5.7.1.3-1.el7cf.x86_64"
        },
        "product_reference": "cfme-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
        "relates_to_product_reference": "7Server-RH7-CFME-5.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-gemset-0:5.7.1.3-1.el7cf.src as a component of CloudForms Management Engine 5.7",
          "product_id": "7Server-RH7-CFME-5.7:cfme-gemset-0:5.7.1.3-1.el7cf.src"
        },
        "product_reference": "cfme-gemset-0:5.7.1.3-1.el7cf.src",
        "relates_to_product_reference": "7Server-RH7-CFME-5.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cfme-gemset-0:5.7.1.3-1.el7cf.x86_64 as a component of CloudForms Management Engine 5.7",
          "product_id": "7Server-RH7-CFME-5.7:cfme-gemset-0:5.7.1.3-1.el7cf.x86_64"
        },
        "product_reference": "cfme-gemset-0:5.7.1.3-1.el7cf.x86_64",
        "relates_to_product_reference": "7Server-RH7-CFME-5.7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-4492",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2013-12-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1039435"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-i18n: cross-site scripting flaw in exception handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-CFME-5.7:cfme-0:5.7.1.3-1.el7cf.src",
          "7Server-RH7-CFME-5.7:cfme-0:5.7.1.3-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.7:cfme-appliance-0:5.7.1.3-1.el7cf.src",
          "7Server-RH7-CFME-5.7:cfme-appliance-0:5.7.1.3-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.7:cfme-appliance-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.7:cfme-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.7:cfme-gemset-0:5.7.1.3-1.el7cf.src",
          "7Server-RH7-CFME-5.7:cfme-gemset-0:5.7.1.3-1.el7cf.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-4492"
        },
        {
          "category": "external",
          "summary": "RHBZ#1039435",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039435"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-4492"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4492",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4492"
        }
      ],
      "release_date": "2013-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-02-27T19:13:26+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-CFME-5.7:cfme-0:5.7.1.3-1.el7cf.src",
            "7Server-RH7-CFME-5.7:cfme-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-appliance-0:5.7.1.3-1.el7cf.src",
            "7Server-RH7-CFME-5.7:cfme-appliance-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-appliance-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-gemset-0:5.7.1.3-1.el7cf.src",
            "7Server-RH7-CFME-5.7:cfme-gemset-0:5.7.1.3-1.el7cf.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:0320"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "7Server-RH7-CFME-5.7:cfme-0:5.7.1.3-1.el7cf.src",
            "7Server-RH7-CFME-5.7:cfme-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-appliance-0:5.7.1.3-1.el7cf.src",
            "7Server-RH7-CFME-5.7:cfme-appliance-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-appliance-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-gemset-0:5.7.1.3-1.el7cf.src",
            "7Server-RH7-CFME-5.7:cfme-gemset-0:5.7.1.3-1.el7cf.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rubygem-i18n: cross-site scripting flaw in exception handling"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Matou\u0161 Moj\u017e\u00ed\u0161"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2017-2632",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2017-02-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1424977"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A logic error in valid_role() in CloudForms role validation could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cfme: tenant administrator can create a group with higher permissions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-CFME-5.7:cfme-0:5.7.1.3-1.el7cf.src",
          "7Server-RH7-CFME-5.7:cfme-0:5.7.1.3-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.7:cfme-appliance-0:5.7.1.3-1.el7cf.src",
          "7Server-RH7-CFME-5.7:cfme-appliance-0:5.7.1.3-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.7:cfme-appliance-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.7:cfme-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
          "7Server-RH7-CFME-5.7:cfme-gemset-0:5.7.1.3-1.el7cf.src",
          "7Server-RH7-CFME-5.7:cfme-gemset-0:5.7.1.3-1.el7cf.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-2632"
        },
        {
          "category": "external",
          "summary": "RHBZ#1424977",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1424977"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2632",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-2632"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2632",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2632"
        }
      ],
      "release_date": "2017-02-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-02-27T19:13:26+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-CFME-5.7:cfme-0:5.7.1.3-1.el7cf.src",
            "7Server-RH7-CFME-5.7:cfme-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-appliance-0:5.7.1.3-1.el7cf.src",
            "7Server-RH7-CFME-5.7:cfme-appliance-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-appliance-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-gemset-0:5.7.1.3-1.el7cf.src",
            "7Server-RH7-CFME-5.7:cfme-gemset-0:5.7.1.3-1.el7cf.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:0320"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-CFME-5.7:cfme-0:5.7.1.3-1.el7cf.src",
            "7Server-RH7-CFME-5.7:cfme-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-appliance-0:5.7.1.3-1.el7cf.src",
            "7Server-RH7-CFME-5.7:cfme-appliance-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-appliance-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-debuginfo-0:5.7.1.3-1.el7cf.x86_64",
            "7Server-RH7-CFME-5.7:cfme-gemset-0:5.7.1.3-1.el7cf.src",
            "7Server-RH7-CFME-5.7:cfme-gemset-0:5.7.1.3-1.el7cf.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cfme: tenant administrator can create a group with higher permissions"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.