PT-2019-6326 · Supervisor

Luan Souza +1 · Published 2019-05-29 · Updated 2024-08-04 · CVE-2019-12105

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Supervisor versions 4.0.2 and earlier

Description

The issue is related to the inet HTTP server component, which can allow an unauthenticated user to read log files or restart a service if it is enabled and no password is set. The maintainer has added an additional warning to the documentation but will not remove the ability to run an open server. This could potentially allow a remote attacker to access confidential data or cause a denial of service.

Recommendations

For Supervisor versions 4.0.2 and earlier, consider disabling the inet HTTP server component or setting a password to prevent unauthorized access. As a temporary workaround, restrict access to the Supervisor logs and services to minimize the risk of exploitation. Ensure that the inet HTTP server component is properly configured and secured to prevent potential attacks.
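
The check behind these recommendations, as an added example that is not part of the original advisory or the Supervisor project: a Python audit of a supervisord configuration that flags an enabled `[inet_http_server]` section without credentials. The sample configurations are constructed, the digest is a placeholder, and treating a missing username or password as unauthenticated is this example's assumption.

```python
import configparser

# Constructed sample configurations (not taken from the advisory).
OPEN_CONF = """
[inet_http_server]
port = *:9001        ; all interfaces, no username/password
"""
HARDENED_CONF = """
[inet_http_server]
port = 127.0.0.1:9001
username = admin
password = {SHA}<placeholder-digest>
"""
LOOPBACK_HOSTS = {"127.0.0.1", "localhost"}


def audit_inet_http_server(conf_text):
    """Return (code, detail) findings for the [inet_http_server] section."""
    # RawConfigParser: no %(...)s interpolation; ';' handled as a comment marker.
    parser = configparser.RawConfigParser(inline_comment_prefixes=(";",), strict=False)
    parser.read_string(conf_text)
    if not parser.has_section("inet_http_server"):
        return []  # section absent or commented out: the component is disabled
    section = parser["inet_http_server"]
    findings = []
    # Assumption of this example: both values must be present and non-empty.
    username = section.get("username", "").strip()
    password = section.get("password", "").strip()
    if not username or not password:
        findings.append(("NO_AUTH", "HTTP server enabled without credentials"))
    # 'port' is host:port; ':9001' or '*:9001' listen on every interface.
    port = section.get("port", "").strip()
    host = port.rpartition(":")[0]
    if host not in LOOPBACK_HOSTS:
        findings.append(("NON_LOOPBACK_BIND", f"listening on {port or '<unset>'}"))
    return findings


if __name__ == "__main__":
    for name, text in (("open", OPEN_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_inet_http_server(text) or "ok")
```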

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

ALT-PU-2019-4165
BDU:2023-01676
CVE-2019-12105
OPENSUSE-SU-2024:11414-1
PYSEC-2019-126

Affected Products

Alt Linux
Astra Linux
Debian
Supervisor