A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10137 | Issue Tracking Mitigation Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10137 | Issue Tracking Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:18
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 8.1 |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10137 - Issue Tracking, Mitigation, Vendor Advisory |
Information
Published : 2019-07-02 20:15
Updated : 2024-11-21 04:18
NVD link : CVE-2019-10137
Mitre link : CVE-2019-10137
CVE.ORG link : CVE-2019-10137
JSON object : View
Products Affected
redhat
- spacewalk
- satellite
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')