CVE-2019-13410 - OpenCVE

TOPMeeting before version 8.8 (2019/08/19) shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Topmeeting	Topmeeting

Configuration 1 [-]

cpe:2.3:a:topmeeting:topmeeting:*:*:*:*:*:*:*:*

References

Link	Resource
https://tvn.twcert.org.tw/taiwanvn/TVN-201907002	Third Party Advisory
https://www.twcert.org.tw/en/cp-128-3020-27eb5-2.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: twcert

Published: 2019-10-16T00:00:00

Updated: 2019-10-17T19:25:59

Reserved: 2019-07-08T00:00:00

Link: CVE-2019-13410

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-10-17T20:15:12.050

Modified: 2021-09-14T12:09:14.057

Link: CVE-2019-13410

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "TOPMeeting", "vendor": "TOPOO Technology", "versions": [{"status": "affected", "version": "before version 8.8 (2019/08/19)"}]}], "datePublic": "2019-10-16T00:00:00", "descriptions": [{"lang": "en", "value": "TOPMeeting before version 8.8 (2019/08/19) shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-10-17T19:25:59", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.twcert.org.tw/en/cp-128-3020-27eb5-2.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201907002"}], "source": {"discovery": "UNKNOWN"}, "title": "TOPMeeting version before version 8.8 (2019/08/19) allows an attacker to obtain sensitive information", "x_generator": {"engine": "Vulnogram 0.0.8"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2019-10-16T16:00:00.000Z", "ID": "CVE-2019-13410", "STATE": "PUBLIC", "TITLE": "TOPMeeting version before version 8.8 (2019/08/19) allows an attacker to obtain sensitive information"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TOPMeeting", "version": {"version_data": [{"version_value": "before version 8.8 (2019/08/19)"}]}}]}, "vendor_name": "TOPOO Technology"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TOPMeeting before version 8.8 (2019/08/19) shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page."}]}, "generator": {"engine": "Vulnogram 0.0.8"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200 Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/en/cp-128-3020-27eb5-2.html", "refsource": "CONFIRM", "url": "https://www.twcert.org.tw/en/cp-128-3020-27eb5-2.html"}, {"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201907002", "refsource": "CONFIRM", "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201907002"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2019-13410", "datePublished": "2019-10-16T00:00:00", "dateReserved": "2019-07-08T00:00:00", "dateUpdated": "2019-10-17T19:25:59", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:topmeeting:topmeeting:*:*:*:*:*:*:*:*", "matchCriteriaId": "673E9BDA-0E12-46E0-91C6-71B4EDDD0F54", "versionEndExcluding": "8.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "TOPMeeting before version 8.8 (2019/08/19) shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page."}, {"lang": "es", "value": "TOPMeeting versiones anteriores a 8.8 (19/08/2019) muestra la cuenta y la contrase\u00f1a de los asistentes en la p\u00e1gina front end que permite a un atacante obtener informaci\u00f3n confidencial mediante la navegaci\u00f3n del c\u00f3digo fuente de la p\u00e1gina."}], "id": "CVE-2019-13410", "lastModified": "2021-09-14T12:09:14.057", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-17T20:15:12.050", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201907002"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/en/cp-128-3020-27eb5-2.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}