CVE-2019-12105
HIGH 8.2
Description
In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The maintainer indicated the ability to run an open server will not be removed but an additional warning was added to the documentation.
CVE Details
CVSS v3.1 score: 8.2
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 9/10/2019
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
supervisord:supervisor
Weaknesses (CWE)
CWE-306
References
https://github.com/Supervisor/supervisor/commit/4e334d9cf2a1daff685893e35e72398437df3dcb (cve@mitre.org)
https://github.com/Supervisor/supervisor/issues/1245 (cve@mitre.org)
http://supervisord.org/configuration.html#inet-http-server-section-settings (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Supervisor/supervisor/commit/4e334d9cf2a1daff685893e35e72398437df3dcb (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Supervisor/supervisor/issues/1245 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.