Vulnerability Details CVE-2019-10198
An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover or guess the UUID of the task.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.7%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://access.redhat.com/errata/RHSA-2019:3172
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10198
- https://projects.theforeman.org/issues/27275
- https://access.redhat.com/errata/RHSA-2019:3172
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10198
- https://projects.theforeman.org/issues/27275
Products affected by CVE-2019-10198
-
cpe:2.3:a:redhat:satellite:6.6
-
cpe:2.3:a:theforeman:foreman-tasks:-
-
cpe:2.3:a:theforeman:foreman-tasks:0.11.1
-
cpe:2.3:a:theforeman:foreman-tasks:0.11.2
-
cpe:2.3:a:theforeman:foreman-tasks:0.11.3
-
cpe:2.3:a:theforeman:foreman-tasks:0.12.0
-
cpe:2.3:a:theforeman:foreman-tasks:0.12.1
-
cpe:2.3:a:theforeman:foreman-tasks:0.12.2
-
cpe:2.3:a:theforeman:foreman-tasks:0.13.0
-
cpe:2.3:a:theforeman:foreman-tasks:0.13.1
-
cpe:2.3:a:theforeman:foreman-tasks:0.13.2
-
cpe:2.3:a:theforeman:foreman-tasks:0.13.3
-
cpe:2.3:a:theforeman:foreman-tasks:0.13.4
-
cpe:2.3:a:theforeman:foreman-tasks:0.14.0
-
cpe:2.3:a:theforeman:foreman-tasks:0.14.1
-
cpe:2.3:a:theforeman:foreman-tasks:0.14.2
-
cpe:2.3:a:theforeman:foreman-tasks:0.14.3
-
cpe:2.3:a:theforeman:foreman-tasks:0.14.4
-
cpe:2.3:a:theforeman:foreman-tasks:0.14.5
-
cpe:2.3:a:theforeman:foreman-tasks:0.15.0
-
cpe:2.3:a:theforeman:foreman-tasks:0.15.1
-
cpe:2.3:a:theforeman:foreman-tasks:0.15.2
-
cpe:2.3:a:theforeman:foreman-tasks:0.15.3
-
cpe:2.3:a:theforeman:foreman-tasks:0.15.4
-
cpe:2.3:a:theforeman:foreman-tasks:0.15.5
-
cpe:2.3:a:theforeman:foreman-tasks:0.15.6
-
cpe:2.3:a:theforeman:foreman-tasks:0.3.0
-
cpe:2.3:a:theforeman:foreman-tasks:0.3.1
-
cpe:2.3:a:theforeman:foreman-tasks:0.3.2