{"api_version":"1","generated_at":"2026-04-23T02:15:26+00:00","cve":"CVE-2020-10779","urls":{"html":"https://cve.report/CVE-2020-10779","api":"https://cve.report/api/cve/CVE-2020-10779.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-10779","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-10779"},"summary":{"title":"CVE-2020-10779","description":"Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-08-11 13:15:00","updated_at":"2021-07-21 11:39:00"},"problem_types":["CWE-639"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847647","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1847647","refsource":"MISC","tags":["Issue Tracking"],"title":"1847647 – (CVE-2020-10779) CVE-2020-10779 CloudForms: Missing functional level access control & IDOR lead to compromise","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/cve-2020-10779","name":"https://access.redhat.com/security/cve/cve-2020-10779","refsource":"MISC","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-10779","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10779","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"10779","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"cloudforms","cpe6":"4.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"10779","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"cloudforms","cpe6":"5.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"10779","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"cloudforms","cpe6":"4.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"10779","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"cloudforms","cpe6":"5.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-10779","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"CloudForms","version":{"version_data":[{"version_value":"4.7 and 5"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper Access Control"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1847647","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847647"},{"refsource":"MISC","name":"https://access.redhat.com/security/cve/cve-2020-10779","url":"https://access.redhat.com/security/cve/cve-2020-10779"}]},"description":{"description_data":[{"lang":"eng","value":"Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms."}]}},"nvd":{"publishedDate":"2020-08-11 13:15:00","lastModifiedDate":"2021-07-21 11:39:00","problem_types":["CWE-639"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:cloudforms:5.0.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"10779","Ordinal":"171219","Title":"CVE-2020-10779","CVE":"CVE-2020-10779","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"10779","Ordinal":"1","NoteData":"Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within the CloudForms.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"10779","Ordinal":"2","NoteData":"2020-08-11","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"10779","Ordinal":"3","NoteData":"2020-08-11","Type":"Other","Title":"Modified"}]}}}