CVE-2019-10159
published 2019-06-14CVE-2019-10159: cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat | cfme | — | — |
| redhat | cfme-gemset | 5.10.0.33 – 5.10.4.3 | — |
| redhat | cfme-gemset | 5.9.0.22 – 5.9.9.3 | — |
| redhat | cloudforms | — | — |