CVE-2019-10159

MEDIUM

cfme-gemset <5.10.4.3 & <5.9.9.3 - Info Disclosure

Title source: llm
STIX 2.1

Description

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.

References (2)

Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10159
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2466

Scores

CVSS v3 4.3
EPSS 0.0022
EPSS Percentile 43.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-285
Status published
Products (2)
redhat/cfme-gemset 5.9.0.22 - 5.9.9.3
redhat/cloudforms 4.7
Published Jun 14, 2019
Tracked Since Feb 18, 2026