From e8f0c8ca2315a922b300d70de0699f718e7fcf56 Mon Sep 17 00:00:00 2001
From: "mrehak@redhat.com"
Date: Wed, 14 Aug 2019 09:49:26 +0200
Subject: [PATCH] init CVE-2019-10199
---
 2019/10xxx/CVE-2019-10199.json | 61 +++++++++++++++++++++++++++++++---
 1 file changed, 57 insertions(+), 4 deletions(-)
diff --git a/2019/10xxx/CVE-2019-10199.json b/2019/10xxx/CVE-2019-10199.json
index 227a078cc7e..c4a1340c71c 100644
--- a/2019/10xxx/CVE-2019-10199.json
+++ b/2019/10xxx/CVE-2019-10199.json
@@ -4,15 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10199",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "mrehak@redhat.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "keycloak",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "up to keycloak 6.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain."
 }
 ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "4.6/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.0"
+ }
+ ]
+ ]
 }
-}
\ No newline at end of file
+}
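Review bot: The added `vectorString` in the `impact.cvss` entry begins with the base score (`4.6/CVSS:3.0/...`), so it is not a well-formed CVSS v3.0 vector, and a consumer that validates or parses the vector will likely reject it or fail to score the record. Keep the vector and the score apart, e.g. `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",` with the score in its own field such as `"baseScore": 4.6,` if the consuming schema accepts it. The `cvss` value is also an array wrapped in a second array; confirm that downstream tooling expects that shape rather than a flat list of objects. Separately, `"version_value": "up to keycloak 6.0.1"` is free text that does not say whether 6.0.1 itself is affected and cannot be matched by scanners; a bare `6.0.1` with an explicit `version_affected` comparator would remove the ambiguity.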