cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.
CPE | Name | Operator | Version |
---|---|---|---|
cfme-gemset | ge | 5.9.0.22 | |
cfme-gemset | le | 5.9.9.3 | |
cfme-gemset | ge | 5.10.0.33 | |
cfme-gemset | le | 5.10.4.3 | |
cloudforms | eq | 4.7 |