MEDIUM🇬🇧 English

CVE-2019-10198

CVSS 6.5v3.1pub. 2019-07-31upd. 2024-11-21

An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover or guess the UUID of the task.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Red Hat Satellite

    APP
    Redhat
    6.6
  • Theforeman Foreman Tasks

    APP
    Theforeman
    < 0.15.7
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...

CVE-2015-2590CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows re...

CVE-2024-7923CRITICAL9.8PL ✓ten sam produkt

Authentication bypass w Pulpcore/Red Hat Satellite przez nagłówek HTTP

CVE-2024-7012CRITICAL9.8PL ✓ten sam produkt

Authentication Bypass w Foreman/Red Hat Satellite via zniekształcony nagłówek HTTP

CVE-2023-0118CRITICAL9.1ten sam produkt

An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in t...