EPSS
Percentile
22.7%
It was found that Spacewalk did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.
bugzilla.redhat.com/show_bug.cgi?id=1708696
nvd.nist.gov/vuln/detail/CVE-2019-10136
www.cve.org/CVERecord?id=CVE-2019-10136