CVE-2019-10137

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10137 Issue Tracking Mitigation Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10137 Issue Tracking Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:satellite:5.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:spacewalk:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:18

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 9.8
v2 : 7.5
v3 : 8.1
References () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10137 - Issue Tracking, Mitigation, Vendor Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10137 - Issue Tracking, Mitigation, Vendor Advisory

Information

Published : 2019-07-02 20:15

Updated : 2024-11-21 04:18


NVD link : CVE-2019-10137

Mitre link : CVE-2019-10137

CVE.ORG link : CVE-2019-10137


JSON object : View

Products Affected

redhat

  • spacewalk
  • satellite
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')