4.3

CVE-2019-10136

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatSatellite Version5.8
RedhatSpacewalk Version <= 2.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.58% 0.429
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
secalert@redhat.com 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

http://www.securityfocus.com/bid/109029
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10136
Vendor Advisory
Issue Tracking