CVE-2019-13421 - OpenCVE

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Search-guard	Search Guard

Configuration 1 [-]

cpe:2.3:a:search-guard:search_guard:*:*:*:*:*:*:*:*

References

Link	Resource
https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1	Release Notes
https://search-guard.com/cve-advisory/	Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: floragunn

Published: 2019-08-23T13:26:46

Updated: 2019-08-23T13:26:46

Reserved: 2019-07-08T00:00:00

Link: CVE-2019-13421

JSON object: View

NVD Information

Status : Modified

Published: 2019-08-23T14:15:11.467

Modified: 2019-10-09T23:46:28.607

Link: CVE-2019-13421

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Search Guard", "vendor": "floragunn", "versions": [{"lessThan": "23.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This security vulnerability was found by Torsten Lutz and Oliver Streicher of SySS\nGmbH.\n\nE-Mail: torsten.lutz (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Torsten_Lutz.asc\nKey Fingerprint: DAB2 86A6 C099 1350 9FCB FB9B 94E8 DC24 BAEC ACC8\n\nE-Mail: oliver.streicher (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Oliver_Streicher.asc\nKey Fingerprint: 1973 E30F 7966 F45E CCAB 1BF1 3F08 A35E DCB8 35D6"}], "descriptions": [{"lang": "en", "value": "Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-08-23T13:26:46", "orgId": "9f311a02-c44f-4938-8530-9219246b8255", "shortName": "floragunn"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://search-guard.com/cve-advisory/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"}, {"tags": ["x_refsource_MISC"], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt"}], "source": {"discovery": "EXTERNAL"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@search-guard.com", "ID": "CVE-2019-13421", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Search Guard", "version": {"version_data": [{"version_affected": "<", "version_value": "23.1"}]}}]}, "vendor_name": "floragunn"}]}}, "credit": [{"lang": "eng", "value": "This security vulnerability was found by Torsten Lutz and Oliver Streicher of SySS\nGmbH.\n\nE-Mail: torsten.lutz (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Torsten_Lutz.asc\nKey Fingerprint: DAB2 86A6 C099 1350 9FCB FB9B 94E8 DC24 BAEC ACC8\n\nE-Mail: oliver.streicher (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Oliver_Streicher.asc\nKey Fingerprint: 1973 E30F 7966 F45E CCAB 1BF1 3F08 A35E DCB8 35D6"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-522: Insufficiently Protected Credentials"}]}]}, "references": {"reference_data": [{"name": "https://search-guard.com/cve-advisory/", "refsource": "MISC", "url": "https://search-guard.com/cve-advisory/"}, {"name": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1", "refsource": "CONFIRM", "url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"}, {"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt", "refsource": "MISC", "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt"}]}, "source": {"advisory": "", "defect": [], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255", "assignerShortName": "floragunn", "cveId": "CVE-2019-13421", "datePublished": "2019-08-23T13:26:46", "dateReserved": "2019-07-08T00:00:00", "dateUpdated": "2019-08-23T13:26:46", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:search-guard:search_guard:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2F307D1-D38D-48A0-A7C9-1167EDEAAA7F", "versionEndExcluding": "23.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database."}, {"lang": "es", "value": "Las versiones de Search Guard anteriores a 23.1 ten\u00edan el problema de que un usuario administrativo pod\u00eda recuperar los hash de contrase\u00f1a de bcrypt de otros usuarios configurados en la base de datos interna de usuarios."}], "id": "CVE-2019-13421", "lastModified": "2019-10-09T23:46:28.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-23T14:15:11.467", "references": [{"source": "security@search-guard.com", "tags": ["Release Notes"], "url": "https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1"}, {"source": "security@search-guard.com", "tags": ["Vendor Advisory"], "url": "https://search-guard.com/cve-advisory/"}, {"source": "security@search-guard.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt"}], "sourceIdentifier": "security@search-guard.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "security@search-guard.com", "type": "Secondary"}]}