Vulnerability Details CVE-2013-1814
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.87
EPSS Ranking 99.4%
CVSS Severity
CVSS v2 Score 4.0
Products affected by CVE-2013-1814
-
cpe:2.3:a:apache:rave:0.11
-
cpe:2.3:a:apache:rave:0.12
-
cpe:2.3:a:apache:rave:0.13
-
cpe:2.3:a:apache:rave:0.14
-
cpe:2.3:a:apache:rave:0.15
-
cpe:2.3:a:apache:rave:0.16
-
cpe:2.3:a:apache:rave:0.17
-
cpe:2.3:a:apache:rave:0.18
-
cpe:2.3:a:apache:rave:0.19
-
cpe:2.3:a:apache:rave:0.20