PT-2019-6326 · Supervisor+3

Luan Souza +1 · Published 2019-05-29 · Updated 2024-08-04 · CVE-2019-12105

CVSS v2.0: 8.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Supervisor versions 4.0.2 and earlier
Description: The issue lies in the inet http server component. When that server is enabled and no password is set, it allows an unauthenticated user to read log files or restart a service. The maintainer has added a warning to the documentation but will not remove the ability to run an open server. A remote attacker could therefore access confidential data or cause a denial of service.
Recommendations: For Supervisor versions 4.0.2 and earlier, disable the inet http server component or set a password on it to prevent unauthorized access. As a temporary workaround, restrict access to the Supervisor logs and services to minimize the risk of exploitation. Ensure that the inet http server component is properly configured and secured to prevent potential attacks.
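A configuration audit for the misconfiguration described above, written here as an added example (it is not Supervisor's code or part of the advisory): it parses a supervisord.conf and flags an `[inet_http_server]` section that has no username/password set, or whose `port` binds to all interfaces. Both sample configurations are constructed for the example.

```python
import configparser
from typing import List

# Constructed sample: the open-server configuration the advisory warns about.
WEAK_CONF = """
[inet_http_server]
port = 0.0.0.0:9001

[supervisord]
logfile = /tmp/supervisord.log

[program:web]
command = /usr/bin/python3 -m http.server
"""

# Constructed sample: same listener, credentials set and bound to loopback.
# Supervisor accepts a plaintext password or a {SHA}-prefixed hash here;
# the value below is a placeholder, not a real credential.
HARDENED_CONF = """
[inet_http_server]
port = 127.0.0.1:9001
username = admin
password = CHANGE_ME_PLACEHOLDER

[supervisord]
logfile = /tmp/supervisord.log
"""


def audit_supervisord_conf(text: str) -> List[str]:
    """Return human-readable findings for the inet HTTP server section."""
    # interpolation=None keeps Supervisor expansions such as %(here)s literal.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings: List[str] = []
    if not parser.has_section("inet_http_server"):
        return findings  # no TCP listener configured, nothing to assess
    section = parser["inet_http_server"]
    port = section.get("port", "").strip()
    username = section.get("username", "").strip()
    password = section.get("password", "").strip()
    if not (username and password):
        findings.append("inet_http_server has no username/password: "
                        "unauthenticated clients can read logs and control processes")
    # Supervisor treats ':9001', '*:9001' and '0.0.0.0:9001' as all interfaces;
    # a bare port number is treated the same way here (assumption).
    host = port.rsplit(":", 1)[0] if ":" in port else ""
    if host in ("", "*", "0.0.0.0"):
        findings.append(f"inet_http_server port={port!r} listens on all interfaces")
    return findings
```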

Fix

Weakness Enumeration

Missing Authentication

Related Identifiers

ALT-PU-2019-4165
BDU:2023-01676
CVE-2019-12105
OPENSUSE-SU-2024:11414-1
PYSEC-2019-126

Affected Products

Alt Linux
Astra Linux
Debian
Supervisor