CVE-2019-10177

2025-06-12 02:05:39 +00:00 · 2019-06-27 14:43:15 +02:00 · 2019-06-27 14:43:15 +02:00 · f7e066607b
commit f7e066607b
parent 0361e7dd8f
1 changed files with 57 additions and 4 deletions
--- a/2019/10xxx/CVE-2019-10177.json
+++ b/2019/10xxx/CVE-2019-10177.json
@ -4,15 +4,68 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2019-10177",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "mrehak@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Red Hat",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "CloudForms",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "5.9, 5.10"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10177",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10177",
+                "refsource": "CONFIRM"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A store cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute a XSS attack against other users, which could be leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users."
            }
        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+                    "version": "3.0"
+                }
+            ]
+        ]
    }
-}
+}