Description
In Red Hat CloudForms 4.7 and 5, read-only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields, since there is no server-side validation. This business logic flaw violates the expected behavior.
Scores
CVSS v3: 6.0
EPSS: 0.0036
EPSS Percentile: 58.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
Details
CWE: CWE-669
Status: published
Products (2):
redhat/cloudforms 4.7
redhat/cloudforms 5.0.0
Published: Aug 11, 2020
Tracked Since: Feb 18, 2026