CFME: default routes expose controllers and actions
It was found that Red Hat CloudForms exposed default routes that were reachable via HTTPS requests. An authenticated user could use this flaw to access potentially sensitive controllers and actions that would allow for privilege escalation...