CVE-2019-13421

Опубликовано: 23 авг. 2019

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.

Ссылки

https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1
Release Notes
https://search-guard.com/cve-advisory/
Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt
Exploit
Third Party Advisory
https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1
Release Notes
https://search-guard.com/cve-advisory/
Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:search-guard:search_guard:*:*:*:*:*:*:*:*

Версия до 23.1 (исключая)

EPSS

Процентиль: 59%

0.00388

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-522

CWE-200

Связанные уязвимости

CVE-2019-13421

CVSS3: 4.9

redhat

больше 6 лет назад

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.

GHSA-qvfv-5h6h-r46w

CVSS3: 4.9

github

больше 3 лет назад

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.

EPSS

Процентиль: 59%

0.00388

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-522

CWE-200