| Vulnerability Name: | CVE-2019-3992 (CCN-173275) | ||||||||||||||||
| Assigned: | 2019-12-12 | ||||||||||||||||
| Published: | 2019-12-12 | ||||||||||||||||
| Updated: | 2020-10-15 | ||||||||||||||||
| Summary: | ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain access to valid admin usernames and, in older versions of ELOG, passwords. | ||||||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||||||
| Vulnerability Type: | CWE-319 | ||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2019-3992 Source: CCN Type: ELOG Web site ELOG Source: XF Type: UNKNOWN elog-cve20193992-info-disc(173275) Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2020-9f8bc040c8 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2020-f49fe7f011 Source: CCN Type: Tenable Advisory ID: TRA-2019-53 ELOG Multiple Vulnerabilities Source: MISC Type: Exploit, Third Party Advisory https://www.tenable.com/security/research/tra-2019-53 | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||