CVE-2019-10198

An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover or guess the UUID of the task.
Configurations

Configuration 1

cpe:2.3:a:theforeman:foreman-tasks:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.6:*:*:*:*:*:*:*

Information

Published : 2019-07-31 10:15

Updated : 2020-09-30 06:16


NVD link : CVE-2019-10198

Mitre link : CVE-2019-10198

Products Affected
No products.
CWE