CVE-2019-10159 MEDIUM

CVE-2019-10159

Vendor Red Hat
Product cfme
Weakness CWE-285
Published June 14, 2019
Last update August 4, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.

Key dates

02Disclosure timeline

June 14, 2019 CVE published
August 4, 2024 Record updated