Merge pull request #2143 from RedHatProductSecurity/CVE-2017-15123

CVE-2017-15123
2025-08-04 08:44:25 +00:00 · 2019-06-12 09:39:49 -04:00 · 2019-06-12 09:39:49 -04:00 · c5bb9eb57e
commit c5bb9eb57e
parent bee92f076a 72d8d5eeea
1 changed files with 61 additions and 8 deletions
--- a/2017/15xxx/CVE-2017-15123.json
+++ b/2017/15xxx/CVE-2017-15123.json
@ -1,18 +1,71 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2017-15123",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
    "data_type": "CVE",
+    "data_format": "MITRE",
    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2017-15123",
+        "ASSIGNER": "mrehak@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "redhat",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "CloudForms",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "5.8 - 5.10"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-306"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123",
+                "refsource": "CONFIRM"
+            }
+        ]
+    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines."
            }
        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+                    "version": "3.0"
+                }
+            ]
+        ]
    }
-}
+}