Vulnerabilities > CVE-2019-10159 - Unspecified vulnerability in Redhat Cfme-Gemset and Cloudforms

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

redhat

NVD

Published: 2019-06-14

Updated: 2024-11-21

Summary

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Cfme Gemset 5.9.0.22 Redhat Cfme Gemset 5.9.1.2 Redhat Cfme Gemset 5.9.2.4 Redhat Cfme Gemset 5.9.3.4 Redhat Cfme Gemset 5.9.4.7 Redhat Cfme Gemset 5.9.5.3 Redhat Cfme Gemset 5.9.6.5 Redhat Cfme Gemset 5.9.7.2 Redhat Cfme Gemset 5.9.8.1 Redhat Cfme Gemset 5.9.9.1 Redhat Cfme Gemset 5.9.9.3 Redhat Cfme Gemset 5.10.0.33 Redhat Cfme Gemset 5.10.1.2 Redhat Cfme Gemset 5.10.2.2 Redhat Cfme Gemset 5.10.3.3 Redhat Cfme Gemset 5.10.4.3 Redhat Cloudforms 4.7	17

Redhat

advisories

rhsa

id	RHSA-2019:2466

rpms

ansible-tower-0:3.5.1-1.el7at
ansible-tower-server-0:3.5.1-1.el7at
ansible-tower-setup-0:3.5.1-1.el7at
ansible-tower-ui-0:3.5.1-1.el7at
ansible-tower-venv-ansible-0:3.5.1-1.el7at
ansible-tower-venv-tower-0:3.5.1-1.el7at
cfme-0:5.10.8.0-1.el7cf
cfme-amazon-smartstate-0:5.10.8.0-1.el7cf
cfme-appliance-0:5.10.8.0-1.el7cf
cfme-appliance-common-0:5.10.8.0-1.el7cf
cfme-appliance-debuginfo-0:5.10.8.0-1.el7cf
cfme-appliance-tools-0:5.10.8.0-1.el7cf
cfme-debuginfo-0:5.10.8.0-1.el7cf
cfme-gemset-0:5.10.8.0-1.el7cf
cfme-gemset-debuginfo-0:5.10.8.0-1.el7cf
rubygem-nokogiri-0:1.8.5-1.el7cf
rubygem-nokogiri-debuginfo-0:1.8.5-1.el7cf
rubygem-nokogiri-doc-0:1.8.5-1.el7cf

Summary

Vulnerable Configurations

Redhat

References