Privilege Escalation

cfme-gemset is vulnerable to privilege escalation. The vulnerability exists as an attacker with a specific group can perform actions restricted only to system administrator...

Privilege Escalation

cfme-gemset is vulnerable to privilege escalation. The vulnerability exists as it is missing access control, leading to escalation of admin group privileges...

Authorization Bypass

cfme-gemset is vulnerable to authorization bypass. The vulnerability exists through missing functional level access control & IDOR lead to compromise...

Cross-site Scripting (XSS)

cfme-gemset is vulnerable to cross-site scripting XSS. The vulnerability exists in the report menu title...

cfme: Improper authorization in migration log controller allows any user to access VM migration logs

A data leak vulnerability was found in cfme-gemset, in versions including and prior to 5.10.4.3 and versions including and prior to 5.9.9.3, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user account can access all VM migration logs...

CVE-2019-10159

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available...

CVE-2019-10159

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available...

Authorization

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available...

CVE-2019-10159

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available...

CVE-2019-10159

CVE-2019-10159 affects cfme-gemset versions 5.10.4.3 and below and 5.9.9.3 and below, due to an improper authorization in the migration log controller that can leak VM migration logs to any unprivileged user. Documents consistently identify the issue as a data-leak vulnerability in cfme-gemset. A...

PT-2019-11603 · Red Hat · Cfme-Gemset

Name of the Vulnerable Software and Affected Versions: cfme-gemset versions 5.10.4.3 and below cfme-gemset versions 5.9.9.3 and below Description: The issue is related to an improper authorization in the migration log controller, which can lead to a data leak. An attacker with access to an...

CVE-2019-10159

A data leak vulnerability was found in cfme-gemset, in versions including and prior to 5.10.4.3 and versions including and prior to 5.9.9.3, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user account can access all VM migration logs...

Privilege Escalation

cfme-gemset is vulnerable to privilege escalation attacks. The vulnerability exists as a flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC VMWare Remote Console functions that may not be appropriate fo...