CVE-2019-10159

Published: Jun 14, 2019Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.

Affected (3)

Products: Redhat: Cfme Gemset, Cloudforms

Redhat

2 products

Cfme Gemset

Cloudforms

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Cfme Gemset	From 5.10.0.33 to 5.10.4.3
Redhat Cfme Gemset	From 5.9.0.22 to 5.9.9.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Cloudforms	Version 4.7

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://access.redhat.com/errata/RHSA-2019:2466

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10159

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://access.redhat.com/errata/RHSA-2019:2466

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10159

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.