Business Logic Flaw: Unauthorized Editing of Read-Only Widgets in Red Hat CloudForms 4.7 and 5

CVE-2020-10778 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

In Red Hat CloudForms 4.7 and 5, read-only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields, since there is no server-side validation. This business logic flaw violates the expected behavior.
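
The root cause is that the `disabled` attribute is a presentation hint the client controls, not an authorization control. The following Ruby example is added here and is not CloudForms/ManageIQ code; it contrasts an update handler that trusts submitted fields with one that re-checks the stored record and the caller's role on the server. The widget hash, the `read_only` flag, the `:admin` role and the attribute whitelist are all hypothetical.

```ruby
# Added example (hypothetical, not CloudForms/ManageIQ code): why a disabled
# HTML attribute is not an authorization control, and a server-side check
# that is.
#
# Assumptions: a widget is a Hash, a read-only widget has read_only: true,
# and only users holding the :admin role may edit one.

READ_ONLY_EDITABLE_ROLES = [:admin].freeze
CLIENT_SETTABLE_ATTRS   = %i[title description].freeze

class ForbiddenUpdate < StandardError; end

# Vulnerable pattern: accept whatever fields the browser submits. The form
# rendered the inputs with `disabled`, but the DOM belongs to the client, so
# a value submitted for a read-only widget is applied as-is.
def update_widget_client_trusted(widget, params)
  widget.merge(params)
end

# Hardened pattern: decide on the server. The disabled attribute is treated
# purely as presentation; authorization is re-evaluated against the stored
# record and the caller's roles on every update, and only whitelisted
# attributes are applied so keys such as :read_only cannot be smuggled in.
def update_widget_server_validated(widget, params, user_roles)
  if widget[:read_only] && (user_roles & READ_ONLY_EDITABLE_ROLES).empty?
    raise ForbiddenUpdate, "widget #{widget[:id]} is read-only for this user"
  end
  allowed = params.select { |k, _| CLIENT_SETTABLE_ATTRS.include?(k) }
  widget.merge(allowed)
end

# Constructed sample data: a read-only widget and a tampered submission that
# also tries to flip the read_only flag itself.
WIDGET = { id: 42, title: "Chargeback", description: "Monthly", read_only: true }.freeze
TAMPERED_PARAMS = { title: "Changed", read_only: false }.freeze
```

Against `TAMPERED_PARAMS`, the trusting handler silently applies both the new title and the flipped flag, while the validated handler raises `ForbiddenUpdate` for a non-admin and, for an admin, applies only the whitelisted title.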
