Описание
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:rave:0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:rave:0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:rave:0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:rave:0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:rave:0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:rave:0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:rave:0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:rave:0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:rave:0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:rave:0.20:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.85269
Высокий
4 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
EPSS
Процентиль: 99%
0.85269
Высокий
4 Medium
CVSS2
Дефекты
CWE-200