PT-2019-13333 · Floragunn · Search Guard

Published

2019-08-23

Updated

2019-10-09

CVE-2019-13421

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Search Guard versions prior to 23.1

Description The issue allows an administrative user to retrieve bcrypt password hashes of other users configured in the internal user database.

Recommendations For versions prior to 23.1, update to version 23.1 or later to resolve the issue.

Exploit

Fix

Insufficiently Protected Credentials

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2019-13421

Search Guard