CVE-2019-10137

Published: Jul 2, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process.

Affected (2)

Products: Redhat: Satellite, Spacewalk

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Satellite	Version 5.0
Redhat Spacewalk	Up to 2.9

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10137

Source: secalert@redhat.com

Issue TrackingMitigationVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10137

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMitigationVendor Advisory

Timeline

No history available yet.