CyberSec.Space Logo
Back to CVE Browser

CVE-2019-3993

HIGH
7.5
CVSS Severity Score
EPSS Score0.1880%
EPSS Percentile18.72th
PublishedDec 17, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request.

Affected Platforms (CPE)

πŸ“¦
Elog Project

Elog

<= 3.1.4-57bea22
πŸ’»
Fedoraproject

Fedora

= 30
πŸ’»
Fedoraproject

Fedora

= 31

References & Advisories

πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/
πŸ”— https://www.tenable.com/security/research/tra-2019-53
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/
πŸ”— https://www.tenable.com/security/research/tra-2019-53

Related Vulnerabilities

CVE-2008-700410.0

Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c.

CVE-2005-44397.8

Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly ex...

CVE-2019-39957.5

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthen...

CVE-2019-39947.5

ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated at...