CVE-2019-8400 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.1 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 56%

Vendor	Product	Version
ory	hydra	0.1:beta1
ory	hydra	0.1:beta2
ory	hydra	0.1:beta3
ory	hydra	0.1:beta4
ory	hydra	0.2.0
ory	hydra	0.3.0
ory	hydra	0.3.1
ory	hydra	0.4.0
ory	hydra	0.4.1
ory	hydra	0.4.2
ory	hydra	0.4.2:alpha
ory	hydra	0.4.2:alpha1
ory	hydra	0.4.2:alpha2
ory	hydra	0.4.2:alpha3
ory	hydra	0.4.2:alpha4
ory	hydra	0.4.3
ory	hydra	0.5.0
ory	hydra	0.5.1
ory	hydra	0.5.2
ory	hydra	0.5.3
ory	hydra	0.5.4
ory	hydra	0.5.5
ory	hydra	0.5.6
ory	hydra	0.5.7
ory	hydra	0.5.8
ory	hydra	0.6.0
ory	hydra	0.6.1
ory	hydra	0.6.2
ory	hydra	0.6.3
ory	hydra	0.6.4
ory	hydra	0.6.5
ory	hydra	0.6.6
ory	hydra	0.6.7
ory	hydra	0.6.8
ory	hydra	0.6.9
ory	hydra	0.6.10
ory	hydra	0.7.0
ory	hydra	0.7.1
ory	hydra	0.7.2
ory	hydra	0.7.3
ory	hydra	0.7.4
ory	hydra	0.7.5
ory	hydra	0.7.6
ory	hydra	0.7.7
ory	hydra	0.7.8
ory	hydra	0.7.9
ory	hydra	0.7.10
ory	hydra	0.7.11
ory	hydra	0.7.12
ory	hydra	0.7.13
ory	hydra	0.8.0
ory	hydra	0.8.1
ory	hydra	0.8.2
ory	hydra	0.8.3
ory	hydra	0.8.4
ory	hydra	0.8.5
ory	hydra	0.8.6
ory	hydra	0.8.7
ory	hydra	0.9.0
ory	hydra	0.9.1
ory	hydra	0.9.2
ory	hydra	0.9.3
ory	hydra	0.9.4
ory	hydra	0.9.5
ory	hydra	0.9.6
ory	hydra	0.9.7
ory	hydra	0.9.8
ory	hydra	0.9.9
ory	hydra	0.9.10
ory	hydra	0.9.11
ory	hydra	0.9.12
ory	hydra	0.9.13
ory	hydra	0.9.14
ory	hydra	0.9.15
ory	hydra	0.9.16
ory	hydra	0.10.0
ory	hydra	0.10.0:alpha1
ory	hydra	0.10.0:alpha10
ory	hydra	0.10.0:alpha11
ory	hydra	0.10.0:alpha12
ory	hydra	0.10.0:alpha13
ory	hydra	0.10.0:alpha14
ory	hydra	0.10.0:alpha15
ory	hydra	0.10.0:alpha16
ory	hydra	0.10.0:alpha17
ory	hydra	0.10.0:alpha18
ory	hydra	0.10.0:alpha19
ory	hydra	0.10.0:alpha2
ory	hydra	0.10.0:alpha20
ory	hydra	0.10.0:alpha21
ory	hydra	0.10.0:alpha3
ory	hydra	0.10.0:alpha4
ory	hydra	0.10.0:alpha5
ory	hydra	0.10.0:alpha6
ory	hydra	0.10.0:alpha7
ory	hydra	0.10.0:alpha8
ory	hydra	0.10.0:alpha9
ory	hydra	0.10.1
ory	hydra	0.10.2
ory	hydra	0.10.3
ory	hydra	0.10.4
ory	hydra	0.10.5
ory	hydra	0.10.6
ory	hydra	0.10.7
ory	hydra	0.10.8
ory	hydra	0.10.9
ory	hydra	0.10.10
ory	hydra	0.11.0
ory	hydra	0.11.1
ory	hydra	0.11.2
ory	hydra	0.11.3
ory	hydra	0.11.4
ory	hydra	0.11.6
ory	hydra	0.11.7
ory	hydra	0.11.9
ory	hydra	0.11.10
ory	hydra	0.11.12
ory	hydra	0.11.14
ory	hydra	1.0.0:beta1
ory	hydra	1.0.0:beta2
ory	hydra	1.0.0:beta3
ory	hydra	1.0.0:beta4
ory	hydra	1.0.0:beta5
ory	hydra	1.0.0:beta6
ory	hydra	1.0.0:beta7
ory	hydra	1.0.0:beta8
ory	hydra	1.0.0:beta9
ory	hydra	1.0.0:rc1
ory	hydra	1.0.0:rc2

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

https://drive.google.com/file/d/1-25expUYVfK6vsiCmEabUCuelOP7aUDj/view?usp=drivesdk

https://github.com/ory/hydra/blob/master/CHANGELOG.md#v100-rc3oryos9-2018-12-06

https://github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3

https://hackerone.com/reports/456333

https://www.youtube.com/watch?v=RIyZLeKEC8E

https://drive.google.com/file/d/1-25expUYVfK6vsiCmEabUCuelOP7aUDj/view?usp=drivesdk

https://github.com/ory/hydra/blob/master/CHANGELOG.md#v100-rc3oryos9-2018-12-06

https://github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3

https://hackerone.com/reports/456333

https://www.youtube.com/watch?v=RIyZLeKEC8E