Описание
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | openshift-elasticsearch-plugin | Fix deferred | ||
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | Fix deferred | ||
| Red Hat OpenShift Container Platform 3.9 | openshift-elasticsearch-plugin | Fix deferred | ||
| Red Hat OpenShift Container Platform 3.9 | search-guard-2 | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch5 | Fix deferred |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-522
https://bugzilla.redhat.com/show_bug.cgi?id=1747476search-guard: Administrative user is able to retrieve bcrypt password hashes of other users
EPSS
Процентиль: 59%
0.00388
Низкий
4.9 Medium
CVSS3
Связанные уязвимости
CVSS3: 4.9
nvd
больше 6 лет назад
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
CVSS3: 4.9
github
больше 3 лет назад
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
EPSS
Процентиль: 59%
0.00388
Низкий
4.9 Medium
CVSS3