cfme-gemset is vulnerable to information disclosure. Improper authorization in the migration log controller allows any user to access VM migration logs.
access.redhat.com/documentation/en-us/red_hat_cloudforms/4.7/html/release_notes
access.redhat.com/errata/RHSA-2019:1833
access.redhat.com/errata/RHSA-2019:2466
access.redhat.com/security/cve/CVE-2019-10159
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1703461
bugzilla.redhat.com/show_bug.cgi?id=1703474
bugzilla.redhat.com/show_bug.cgi?id=1718080
bugzilla.redhat.com/show_bug.cgi?id=1723833
bugzilla.redhat.com/show_bug.cgi?id=1726313
bugzilla.redhat.com/show_bug.cgi?id=1727443
bugzilla.redhat.com/show_bug.cgi?id=1728270
bugzilla.redhat.com/show_bug.cgi?id=1728403
bugzilla.redhat.com/show_bug.cgi?id=1728706
bugzilla.redhat.com/show_bug.cgi?id=1728707
bugzilla.redhat.com/show_bug.cgi?id=1728708
bugzilla.redhat.com/show_bug.cgi?id=1728889
bugzilla.redhat.com/show_bug.cgi?id=1731157
bugzilla.redhat.com/show_bug.cgi?id=1731237
bugzilla.redhat.com/show_bug.cgi?id=1731977
bugzilla.redhat.com/show_bug.cgi?id=1731991
bugzilla.redhat.com/show_bug.cgi?id=1731992
bugzilla.redhat.com/show_bug.cgi?id=1732117
bugzilla.redhat.com/show_bug.cgi?id=1732156
bugzilla.redhat.com/show_bug.cgi?id=1733290
bugzilla.redhat.com/show_bug.cgi?id=1733375
bugzilla.redhat.com/show_bug.cgi?id=1734122
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10159