CVE-2019-12395

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-12395

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12395.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-12395

Published

2019-05-28T13:29:00.490Z

Modified

2025-11-20T10:55:44.588594Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check in servlet/MapStorageHandler.java, an attacker can see a map image without login even if victim enables login-required in setting.

References

Affected packages

Git / github.com/webbukkit/dynmap

Affected ranges

Type: GIT
Repo: https://github.com/webbukkit/dynmap
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

641f142cd3ccdcbfb04eda3059be22dd9ed93783

Affected versions

0.*

0.07

0.08

0.09

0.10

0.11

0.12

0.12.1

0.13

0.14

0.15

0.16

0.17

0.18

0.19

0.19.1

0.19.2

0.20

0.21

0.22

0.25

0.25.1

0.26

0.27

0.28

0.29

0.29.1

0.29.2

0.30

0.30.1

0.31

0.32

0.33

0.34

0.35

0.36

0.36.1

0.36.2

0.36.3

0.37

0.38

0.39

0.40

0.50

0.60

0.70

0.70.1

0.70.2

0.70.3

0.80

0.90

1.*

1.0

1.1

1.2

1.3

1.4

1.5

1.7

1.8

1.9.1

1.9.2-alpha-1

1.9.3

1.9.4

2.*

2.0.0

2.1

2.1-alpha-1

2.2

2.3

2.4

3.*

3.0-alpha-1

3.0-beta-1

3.0-beta-2

3.0-beta-3

v2.*

v2.5

v3.*

v3.0-alpha-1

v3.0-alpha-2

v3.0-alpha-3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12395.json"