Authentication Bypass Vulnerability in Foreman Tasks by Red Hat
CVE-2019-10198

6.5MEDIUM

Key Information:

Vendor

The Foreman Project

Status
Foreman-tasks
Vendor
CVE Published:
31 July 2019

What is CVE-2019-10198?

An authentication bypass vulnerability was identified in Foreman Tasks versions prior to 0.15.7, allowing unauthorized users to access task details through the web interface or API. This occurs if attackers can guess or discover the UUID of the task, circumventing normal authorization checks that were previously enforced during task searches. This flaw exposes sensitive information and can lead to further attacks if exploited.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

foreman-tasks 0.15.7

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10198
x_refsource_CONFIRM
https://projects.theforeman.org/issues/27275
x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:3172
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.