GHSA-428j-q447-47rw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-428j-q447-47rw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-428j-q447-47rw/GHSA-428j-q447-47rw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-428j-q447-47rw
- Aliases
-
- CVE-2013-1814
- Published
- 2022-05-17T05:07:50Z
- Modified
- 2024-12-06T05:37:22.964903Z
- Summary
- Apache Rave information disclosure vulnerability
- Details
-
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
- Database specific
{ "nvd_published_at": "2013-03-14T00:55:00Z", "cwe_ids": [ "CWE-200" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-05T20:58:51Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-1814
- https://github.com/apache/rave/commit/546edbaacfcb7b3fcc81aafe37a5c58e401b66c6
- https://github.com/apache/rave
- https://web.archive.org/web/20130512040207/http://archives.neohapsis.com/archives/bugtraq/2013-03/0078.html
- http://archives.neohapsis.com/archives/bugtraq/2013-03/0078.html
- http://www.exploit-db.com/exploits/24744
Affected packages
Maven / org.apache.rave:rave-core
Package
- Name
- org.apache.rave:rave-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.rave/rave-core
Maven / org.apache.rave:rave-web
Package
- Name
- org.apache.rave:rave-web
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.rave/rave-web
Maven / org.apache.rave:rave-portal-resources
Package
- Name
- org.apache.rave:rave-portal-resources
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.rave/rave-portal-resources