2019-03-27 12:00:51 +00:00
{
2023-02-02 21:01:38 +00:00
"data_version" : "4.0" ,
2019-03-27 12:00:51 +00:00
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"CVE_data_meta" : {
"ID" : "CVE-2019-10146" ,
2020-03-18 15:01:25 +00:00
"ASSIGNER" : "secalert@redhat.com" ,
"STATE" : "PUBLIC"
2020-02-05 11:32:27 +05:30
} ,
2023-02-02 21:01:38 +00:00
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" ,
"cweId" : "CWE-79"
}
]
}
]
} ,
2020-02-05 11:32:27 +05:30
"affects" : {
"vendor" : {
"vendor_data" : [
{
2020-03-18 15:12:18 +01:00
"vendor_name" : "Red Hat" ,
2020-02-05 11:32:27 +05:30
"product" : {
"product_data" : [
{
2023-02-02 21:01:38 +00:00
"product_name" : "Red Hat Enterprise Linux 7" ,
"version" : {
"version_data" : [
{
"version_value" : "0:10.5.18-12.el7_9" ,
"version_affected" : "!"
}
]
}
} ,
{
"product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support" ,
"version" : {
"version_data" : [
{
"version_value" : "0:10.5.9-15.el7_6" ,
"version_affected" : "!"
}
]
}
} ,
{
"product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support" ,
"version" : {
"version_data" : [
{
"version_value" : "0:10.5.16-7.el7_7" ,
"version_affected" : "!"
}
]
}
} ,
{
"product_name" : "Red Hat Enterprise Linux 8" ,
2020-02-05 11:32:27 +05:30
"version" : {
"version_data" : [
{
2023-02-02 21:01:38 +00:00
"version_value" : "8030020200911215836.5ff1562f" ,
"version_affected" : "!"
} ,
{
"version_value" : "8030020200527165326.30b713e6" ,
"version_affected" : "!"
2020-02-05 11:32:27 +05:30
}
]
}
}
]
}
}
]
}
} ,
"references" : {
"reference_data" : [
{
2023-02-02 21:01:38 +00:00
"url" : "https://access.redhat.com/errata/RHSA-2020:4847" ,
"refsource" : "MISC" ,
"name" : "https://access.redhat.com/errata/RHSA-2020:4847"
} ,
2019-03-27 12:00:51 +00:00
{
2023-02-02 21:01:38 +00:00
"url" : "https://access.redhat.com/errata/RHSA-2021:0819" ,
"refsource" : "MISC" ,
"name" : "https://access.redhat.com/errata/RHSA-2021:0819"
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2021:0851" ,
"refsource" : "MISC" ,
"name" : "https://access.redhat.com/errata/RHSA-2021:0851"
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2021:0975" ,
"refsource" : "MISC" ,
"name" : "https://access.redhat.com/errata/RHSA-2021:0975"
} ,
{
"url" : "https://access.redhat.com/security/cve/CVE-2019-10146" ,
"refsource" : "MISC" ,
"name" : "https://access.redhat.com/security/cve/CVE-2019-10146"
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1710171" ,
"refsource" : "MISC" ,
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1710171"
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10146" ,
"refsource" : "MISC" ,
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10146"
2019-03-27 12:00:51 +00:00
}
]
2020-02-05 11:32:27 +05:30
} ,
2023-02-02 21:01:38 +00:00
"credits" : [
{
"lang" : "en" ,
"value" : "This issue was discovered by Pritam Singh (Red Hat)."
}
] ,
2020-02-05 11:32:27 +05:30
"impact" : {
"cvss" : [
2023-02-02 21:01:38 +00:00
{
"attackComplexity" : "HIGH" ,
"attackVector" : "NETWORK" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 4.7 ,
"baseSeverity" : "MEDIUM" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
"privilegesRequired" : "NONE" ,
"scope" : "CHANGED" ,
"userInteraction" : "REQUIRED" ,
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" ,
"version" : "3.0"
}
2020-02-05 11:32:27 +05:30
]
2019-03-27 12:00:51 +00:00
}
2020-03-18 15:01:25 +00:00
}
