CVE-2019-10159

CWE-2855 documents5 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 55.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Redhat Cfme-gemsetRED HAT CfmeRedhat Cloudforms
Timeline
PublishedJun 14
Latest updateMay 24

Description

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDredhat/cfme-gemset5.9.0.225.9.9.3+1
CVEListV5red_hat/cfme5.10.4.3 and below, 5.9.9.3 and below

🔴Vulnerability Details

2
GHSA
GHSA-whhr-m9m3-wj45: cfme-gemset versions 52022-05-24
CVEList
CVE-2019-10159: cfme-gemset versions 52019-06-14

📋Vendor Advisories

1
Red Hat
cfme: Improper authorization in migration log controller allows any user to access VM migration logs2019-06-06

💬Community

1
Bugzilla
CVE-2019-10159 cfme: Improper authorization in migration log controller allows any user to access VM migration logs2019-06-06
CVE-2019-10159 (MEDIUM CVSS 4.3) | cfme-gemset versions 5.10.4.3 and b | cvebase.io