Description
A role-based privilege escalation flaw was found in ManageIQ where export or import of administrator files was possible. An attacker in the EVM-Operator group can perform actions restricted to the system administrator.
Acknowledgements
Red Hat would like to thank Purnachand Pulahari (IBM) and Ranjit Kumar Singh (IBM) for reporting this issue.
https://access.redhat.com/security/cve/cve-2020-10783
Fixed in ivanchuk-7, jansa-1-rc2, master.