CVE-2018-5559

Опубликовано: 28 нояб. 2018

Источник: nvd

CVSS3: 3.4

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions.

Ссылки

https://docs.komand.com/docs/release-notes#section-komand-v0-42-0-2018-11-1
Release Notes
Vendor Advisory
https://www.alexanderjaeger.de/cve-2018-5559_my_first_cve/
Exploit
Third Party Advisory
https://docs.komand.com/docs/release-notes#section-komand-v0-42-0-2018-11-1
Release Notes
Vendor Advisory
https://www.alexanderjaeger.de/cve-2018-5559_my_first_cve/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rapid7:komand:*:*:*:*:*:*:*:*

Версия до 0.41.0 (включая)

EPSS

Процентиль: 36%

0.00149

Низкий

3.4 Low

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-212

CWE-312

Связанные уязвимости

GHSA-5rgv-v326-94h6

CVSS3: 4.9

github

больше 3 лет назад

EPSS

Процентиль: 36%

0.00149

Низкий

3.4 Low

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-212

CWE-312