CVE-2019-19394

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-19394

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19394.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-19394

Published

2020-04-16T19:15:22.510Z

Modified

2026-04-10T04:16:23.277344Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0.

References

https://cfengine.com/company/blog-detail/cve-2019-19394-mission-portal-javascript-injection-vulnerability/

Affected packages

Git / github.com/cfengine/core

Affected ranges

Type

GIT

Repo

https://github.com/cfengine/core

Events

Introduced

dc823da05d6790e9f95e3cb75618b51d6273e303

Fixed

60af34434c70c282cd67d4d8d6d4b08231c1d37a

Introduced

7f5df18819155d786f66f9fb4ca1c5c80d2b1c29

Fixed

156b9adbc31f711fc9ddc8b1d9b63027ea9d0461

Introduced

Last affected

7dedbc5a80fe244d77393c6477f00640dd26608d

Database specific

{
    "versions": [
        {
            "introduced": "3.10.0"
        },
        {
            "fixed": "3.10.7"
        },
        {
            "introduced": "3.12.0"
        },
        {
            "fixed": "3.12.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.7"
        }
    ]
}

Affected versions

3.*

3.10.0

3.10.0-build2

3.10.0-build3

3.10.0-build4

3.10.1

3.10.1-build1

3.10.2

3.10.2-build1

3.10.2a-PTV

3.10.2a-PTV-build1

3.10.3

3.10.3-2-build1

3.10.3-DTV-MP-logging-build1

3.10.3-DTV-MP-logging-build2

3.10.3-WMI-build1

3.10.3-build1

3.10.3-build2

3.10.3-build3

3.10.3-build4

3.10.3-build5

3.10.4

3.10.4-build1

3.10.4-build2

3.10.4-build3

3.10.5

3.10.5-2-build1

3.10.5-2-build2

3.10.5-build1

3.10.5-build2

3.10.5-build3

3.10.5-build4

3.10.5-build5

3.10.6

3.10.6-build1

3.10.6-build2

3.10.6-build3

3.12.0

3.12.0-3756

3.12.0-build4

3.12.0-build5

3.12.0-build6

3.12.1

3.12.1-build1

3.12.1-build2

3.12.1-build3

3.12.1-build4

3.12.2

3.12.2-build1

3.12.2-build2

3.12.3-build1

3.12.3-build2

3.12.3-build3

3.12.3-build4

3.3.x-branchpoint

3.4.0a1

3.4.x-branchpoint

3.5.0a1

3.5.0a2

3.5.0b1

3.5.x-branchpoint

3.6.0b1

3.6.0b1-build1

3.6.0b1-build2

3.6.0b1-build3

3.6.0b1-build4

3.6.0b2

3.6.0b2-build1

3.6.0b2-build3

3.6.0b2-build4

3.6.0b2-build5

3.6.0eb1-build1

3.6.0eb1-build2

3.6.0eb2-build1

3.6.0eb2-build2

3.6.x-branchpoint

3.6rc

3.6rc-build2

3.7.0

3.7.0-build1

3.7.0-build2

3.7.0-build3

3.7.0-build4

3.7.0-build5

3.7.0-build6

3.7.0-build7

3.7.0b1

3.7.0b1-build1

3.7.0b1-build2

3.7.0b1-build3

3.7.0b1-build4

Other

svn-migration-point

v3.*

v3.6.0a0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19394.json"