Vulnerability Description
cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Cfme-Gemset | >= 5.9.0.22, <= 5.9.9.3 |
| Redhat | Cloudforms | 4.7 |
References
- https://access.redhat.com/errata/RHSA-2019:2466 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10159 (Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2019-10159?
CVE-2019-10159 is a vulnerability with a CVSS score of 4.3 (MEDIUM). cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged u...
How severe is CVE-2019-10159?
CVE-2019-10159 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-10159?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Cfme-Gemset, Redhat Cloudforms.