suse · CVE-2019-10137

Quick triage

Priority: medium Published: 2021-05-30 14:26:39 UTC Updated: 2026-03-05 06:20:24 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2019-10137 severity moderate: SUSE including 292 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 301 product×package rows across 5 product lines (SUSE Manager Proxy 3.2, SUSE Manager Proxy Module 4.0, … (5 product lines)): Known Affected 231, Fixed 70.

Description:

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process.

cvelogic Threat Intelligence