{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T00:09:50.258","vulnerabilities":[{"cve":{"id":"CVE-2020-14369","sourceIdentifier":"secalert@redhat.com","published":"2020-12-02T15:15:12.313","lastModified":"2024-11-21T05:03:06.627","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth."},{"lang":"es","value":"Esta versión corrige una vulnerabilidad de tipo Cross Site Request Forgery que se encontró en Red Hat CloudForms que forza a los usuarios finales a ejecutar acciones no deseadas en una aplicación web en la que el usuario está actualmente autenticado. Un atacante puede hacer una petición HTTP falsificada al servidor al diseñar un archivo flash personalizado que puede obligar al usuario a llevar a cabo una petición de cambio de estado, como aprovisionar máquinas virtuales, ejecutando libros de jugadas de ansible, etc"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:cloudforms:*:*:*:*:*:*:*:*","versionEndIncluding":"5.11","matchCriteriaId":"C457595C-35E3-474E-AA3A-5CC69F1964F0"}]}]}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1871921","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1871921","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}