vulnerability
SUSE: CVE-2019-10136: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Jul 2, 2019 | Sep 6, 2019 | Oct 22, 2021 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Jul 2, 2019
Added
Sep 6, 2019
Modified
Oct 22, 2021
Description
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.
Solutions
suse-upgrade-mgr-cfgsuse-upgrade-mgr-cfg-actionssuse-upgrade-mgr-cfg-clientsuse-upgrade-mgr-cfg-managementsuse-upgrade-mgr-daemonsuse-upgrade-mgr-osadsuse-upgrade-mgr-virtualization-hostsuse-upgrade-python2-mgr-cfgsuse-upgrade-python2-mgr-cfg-actionssuse-upgrade-python2-mgr-cfg-clientsuse-upgrade-python2-mgr-cfg-managementsuse-upgrade-python2-mgr-osa-commonsuse-upgrade-python2-mgr-osadsuse-upgrade-python2-mgr-virtualization-commonsuse-upgrade-python2-mgr-virtualization-hostsuse-upgrade-python2-rhnlibsuse-upgrade-spacecmdsuse-upgrade-spacewalk-backend-libssuse-upgrade-spacewalk-remote-utils
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.