CVE-2019-10159

MEDIUM 4.3

Description

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak due to improper authorization in the migration log controller. An attacker with access to an unprivileged user account can access all available VM migration logs.

CVSS breakdown

CVSS 3.0

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: None
  • Availability: None

Affected products

  • Red Hat / cfme: 5.10.4.3 and below, 5.9.9.3 and below