Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
References
Link | Resource |
---|---|
https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1 | Release Notes |
https://search-guard.com/cve-advisory/ | Vendor Advisory |
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: floragunn
Published: 2019-08-23T13:26:46
Updated: 2019-08-23T13:26:46
Reserved: 2019-07-08T00:00:00
Link: CVE-2019-13421
JSON object: View
NVD Information
Status : Modified
Published: 2019-08-23T14:15:11.467
Modified: 2019-10-09T23:46:28.607
Link: CVE-2019-13421
JSON object: View
Redhat Information
No data.