
CVE-2019-10198

Published: 31/07/2019 Updated: 30/09/2020
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

An authentication bypass vulnerability exists in foreman-tasks prior to 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover or guess the UUID of the task.

Vulnerable Product

theforeman foreman-tasks

redhat satellite 6.6

Vendor Advisories

Synopsis: Moderate: Red Hat Satellite 6 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Satellite 6.6 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scor ...

Mailing Lists

Hello, An authorization bypass was discovered in the Foreman tasks plugin which allows authenticated users to see details of tasks without validating the user has proper permissions to do so. Viewing the details requires prior knowledge of the task UUID, which can not be easily guessed. This affects Foreman tasks since version 078, and fixed in ...