Unrated severityNVD Advisory· Published Jul 31, 2019· Updated Aug 4, 2024

CVE-2019-10198

Description

An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover or guess the UUID of the task.

Affected products

The Foreman Project/Foreman Tasksv5
Range: 0.15.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2019:3172mitrevendor-advisoryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
projects.theforeman.org/issues/27275mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000