CVE-2019-13349

In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
knowage-suiteknowage
𝑥
≤ 6.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.contentsecurity.com.au/knowage-password-hash-disclosure
https://blog.contentsecurity.com.au/knowage-password-hash-disclosure