3 matches found
Prevent execution with invalid signatures
Handle: gpersoon. Vulnerability details. Impact: Suppose one of the supplied addrsi to the constructor of Identity.sol happens to be 0 by accident. In that case: privileges0 = 1. Now suppose you call execute with an invalid signature, then recoverAddrImpl will return a value of 0 and thus signer=0. If...
Red Hat CloudForms Management Engine ManageIQ Authentication Bypass Vulnerability
Red Hat CloudForms Management Engine (CFME) is a management engine for IaaS (Infrastructure as a Service) cloud service solutions from Red Hat, Inc. ManageIQ is a virtualization manager used in it. A security vulnerability exists in the check_privileges method of the...
CFME: check_privileges logic error resulting in privilege escalation
The check_privileges method in vmdb/app/controllers/applicationcontroller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbacuseredit action...