CVE-2019-10137 — HIGH (8.1)

Q: How severe is CVE-2019-10137?

CVE-2019-10137 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-10137?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Satellite, Redhat Spacewalk.

Vulnerability Description

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process.

CVSS Score

8.1

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Redhat	Satellite	5.0
Redhat	Spacewalk	<= 2.9

Related Weaknesses (CWE)

CWE-22

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10137Issue TrackingMitigationVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10137Issue TrackingMitigationVendor Advisory

FAQ

What is CVE-2019-10137?

CVE-2019-10137 is a vulnerability with a CVSS score of 8.1 (HIGH). A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the ex...

How severe is CVE-2019-10137?

CVE-2019-10137 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-10137?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Satellite, Redhat Spacewalk.