CVE-2017-15123 Exploit

Just a quick write-up for RedHat Cloud Form Cloud management graphical interface vulnerability (CVE-2017-15123) which affects versions 5.8, 5.9 and 5.10.

all these versions are vulnerable to broken authentication vulnerability where the RSS feed can be accessed without any authentication, RSS feeds contains many information like all new Virtual Machines created on the platform.
Example Exploit URL is.
https://XX.XX.XX.XX/alert/rss?feed=newest_hosts
CreatedVMS

 

Leave a Reply

Your email address will not be published. Required fields are marked *