Red Hat Security Advisory 2020-4134-01

Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4134-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a cross site request forgery vulnerability.

tags | advisory, web, ruby, csrf
systems | linux, redhat
advisories | CVE-2020-14369
SHA-256 | d7a924fa93f1dc0be2809f3ed8f22321634d261660f39a52c638e3618931c2a5

Red Hat Security Advisory

Synopsis: Moderate: CloudForms 5.0.8 security, bug fix and enhancement update
Advisory ID: RHSA-2020:4134-01
Product: Red Hat CloudForms
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4134
Issue date: 2020-09-30
Cross references: RHSA-2020:3358
CVE Names: CVE-2020-14369

1. Summary:

An update is now available for CloudForms Management Engine 5.11.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

CloudForms Management Engine 5.11 - x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and
automation needed to address the challenges of managing virtual
environments. CloudForms Management Engine is built on Ruby on Rails, a
model-view-controller (MVC) framework for web application development.
Action Pack implements the controller and the view components.

Security Fix(es):

* cfme-gemset: CloudForms: Cross Site Request Forgery in API notifications

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for
these changes is available from the Release Notes document linked to in the
References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:


If the postgresql service is running, it will be automatically restarted
after installing this update. After installing the updated packages, the
httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1672358 - [RFE] Unable to create Service Template via the API
1686077 - [RFE] : Feature request to be able to add a default date/time to Timepicker in dialog
1706848 - Not able to set specific dates and time in for timepicker in service dialog
1713205 - Dialog Dropdown value is not getting selected in first attempt
1723864 - Openstack Director nodes does not show OpenStack Service Status section - OSPD 15
1741633 - Invalid dynamic field causes service dialog to not be save-able
1772762 - [RFE] Size of disks added is not shown when VM_Reconfigure
1794551 - Security group/rule create/delete triggers targeted refresh but doesn't update in UI
1804263 - Mapping fail when selecting public network not directly belongs to the selected project.
1825961 - SmartState sometimes fails to find /var/lib/rpm/Packages file, so software collection reports no packages installed
1846273 - Cloudforms no longer sees vms in resource pools after some targetted refreshes are ran
1846623 - [RFE] "CPU Affinity" not updated for VMs on RHV providers
1846624 - [RFE] "Platform Tools" Status is set to "N/A" for all VMs on RHV providers
1851087 - [RFE] Scheduled Retirement - Check for Existing "active" Requests before creating new Request.
1856470 - repmgr10.service is failing to start on cfme db appliance reboot
1858079 - using escalate privilage with a nil become_password causes playbooks to get stuck waiting for a password
1858107 - SSA not possible on any RHV datastore depending on navigation to it.
1859388 - Availability zones not showing in dropdown menu when adding volume through storage
1859542 - Tag Control dropdown field listing extra value -> ''Nothing Selected' in service order page
1860033 - "Add a provider" button for Ansible Tower disappears after using accordion
1861252 - Dropdown dialog field listing extra value -> ''Nothing Selected' in service order page
1862202 - RHOS 16.1: geneve" Provider Network Type is missing when creating cloud network
1870737 - passwordless sudo command reports error when querying podman/docker containers for OSP16.1
1871921 - CVE-2020-14369 CloudForms: Cross Site Request Forgery in API notifications
1874921 - [RFE] Service Retirement Logging improvement to show Service id
1876974 - Enhance error handle for failing playbook clone

6. Package List:

CloudForms Management Engine 5.11:



These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from

7. References:


8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.