RedHatRHSA-2019:1663(RHSA-2019:1663) Important: spacewalk-backend and spacewalk-proxy security update
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.0%
Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities.
Security Fix(es):
- spacewalk-proxy: Path traversal in proxy authentication cache (CVE-2019-10137)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 6 | noarch | spacewalk-proxy-management | < 2.5.0-8.el6sat | spacewalk-proxy-management-2.5.0-8.el6sat.noarch.rpm |
| RedHat | 6 | noarch | spacewalk-backend | < 2.5.3-177.el6sat | spacewalk-backend-2.5.3-177.el6sat.noarch.rpm |
| RedHat | 6 | noarch | spacewalk-proxy-broker | < 2.5.0-8.el6sat | spacewalk-proxy-broker-2.5.0-8.el6sat.noarch.rpm |
| RedHat | 6 | noarch | spacewalk-proxy-redirect | < 2.5.0-8.el6sat | spacewalk-proxy-redirect-2.5.0-8.el6sat.noarch.rpm |
| RedHat | 6 | noarch | spacewalk-backend-libs | < 2.5.3-177.el6sat | spacewalk-backend-libs-2.5.3-177.el6sat.noarch.rpm |
| RedHat | 6 | noarch | spacewalk-proxy-package-manager | < 2.5.0-8.el6sat | spacewalk-proxy-package-manager-2.5.0-8.el6sat.noarch.rpm |
| RedHat | 6 | noarch | spacewalk-proxy-common | < 2.5.0-8.el6sat | spacewalk-proxy-common-2.5.0-8.el6sat.noarch.rpm |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.0%