CVE-2019-10136

CWE-3475 documents5 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 72.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Spacewalk Spacewalkproject Spacewalk Redhat Satellite

Timeline

PublishedJul 2

Latest updateMay 24

Description

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶NVDredhat/spacewalk2.9

▶CVEListV5spacewalkproject/spacewalkspacewalk all through 2.9

▶NVDredhat/satellite5.8

🔴Vulnerability Details

GHSA

GHSA-w2m4-8m7f-6vwv: It was found that Spacewalk, all versions through 2↗2022-05-24

▶

CVEList

CVE-2019-10136: It was found that Spacewalk, all versions through 2↗2019-07-02

▶

📋Vendor Advisories

Red Hat

spacewalk: Insecure computation of authentication signatures during user authentication↗2019-07-01

▶

💬Community

Bugzilla

CVE-2019-10136 spacewalk: Insecure computation of authentication signatures during user authentication↗2019-05-10

▶