PT-2019-13333 · Floragunn · Search Guard

Publicado

2019-08-23

Atualizado

2019-10-09

CVE-2019-13421

CVSS v3.1

4.9

Média

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Search Guard versions prior to 23.1

Description The issue allows an administrative user to retrieve bcrypt password hashes of other users configured in the internal user database.

Recommendations For versions prior to 23.1, update to version 23.1 or later to resolve the issue.

Exploit

Correção

Insufficiently Protected Credentials

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2019-13421

Search Guard