CVE-2019-10137 — Path Traversal in Redhat Spacewalk

CWE-22 — Path Traversal5 documents5 sources

Severity

9.8CRITICALNVD

CNA8.1

EPSS

7.1%

top 8.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Spacewalk Spacewalkproject Spacewalk-proxy Redhat Satellite

Timeline

PublishedJul 2

Latest updateMay 24

Description

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5spacewalkproject/spacewalk-proxyspacewalk through 2.9

▶NVDredhat/spacewalk2.9

▶NVDredhat/satellite5.0

🔴Vulnerability Details

GHSA

GHSA-38jq-w3g8-jpc9: A path traversal flaw was found in spacewalk-proxy, all versions through 2↗2022-05-24

▶

CVEList

CVE-2019-10137: A path traversal flaw was found in spacewalk-proxy, all versions through 2↗2019-07-02

▶

📋Vendor Advisories

Red Hat

spacewalk-proxy: Path traversal in proxy authentication cache↗2019-07-01

▶

💬Community

Bugzilla

CVE-2019-10137 spacewalk-proxy: Path traversal in proxy authentication cache↗2019-04-24

▶