EPSS
Percentile
22.7%
spacewalk uses insecure authentication signature validation. The client token checksums are not properly computed, which would allow an attacker to extend session validity by modifying the authenticated header set without modifying the checksum.
www.securityfocus.com/bid/109029
access.redhat.com/errata/RHSA-2019:1661
access.redhat.com/security/cve/CVE-2019-10136
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1708696
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10136