Vulnerability Details CVE-2019-12395
In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check in servlet/MapStorageHandler.java, an attacker can see a map image without login even if victim enables login-required in setting.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.8%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://jvn.jp/en/jp/JVN89046645/index.html
- https://github.com/webbukkit/dynmap/commit/641f142cd3ccdcbfb04eda3059be22dd9ed93783
- https://github.com/webbukkit/dynmap/issues/2474
- https://github.com/webbukkit/dynmap/pull/2475
- http://jvn.jp/en/jp/JVN89046645/index.html
- https://github.com/webbukkit/dynmap/commit/641f142cd3ccdcbfb04eda3059be22dd9ed93783
- https://github.com/webbukkit/dynmap/issues/2474
- https://github.com/webbukkit/dynmap/pull/2475
Products affected by CVE-2019-12395
-
cpe:2.3:a:dynmap_project:dynmap:0.07
-
cpe:2.3:a:dynmap_project:dynmap:0.08
-
cpe:2.3:a:dynmap_project:dynmap:0.09
-
cpe:2.3:a:dynmap_project:dynmap:0.10
-
cpe:2.3:a:dynmap_project:dynmap:0.11
-
cpe:2.3:a:dynmap_project:dynmap:0.12
-
cpe:2.3:a:dynmap_project:dynmap:0.12.1
-
cpe:2.3:a:dynmap_project:dynmap:0.13
-
cpe:2.3:a:dynmap_project:dynmap:0.14
-
cpe:2.3:a:dynmap_project:dynmap:0.15
-
cpe:2.3:a:dynmap_project:dynmap:0.16
-
cpe:2.3:a:dynmap_project:dynmap:0.16.1
-
cpe:2.3:a:dynmap_project:dynmap:0.17
-
cpe:2.3:a:dynmap_project:dynmap:0.18
-
cpe:2.3:a:dynmap_project:dynmap:0.18.1
-
cpe:2.3:a:dynmap_project:dynmap:0.19
-
cpe:2.3:a:dynmap_project:dynmap:0.19.1
-
cpe:2.3:a:dynmap_project:dynmap:0.19.2
-
cpe:2.3:a:dynmap_project:dynmap:0.20
-
cpe:2.3:a:dynmap_project:dynmap:0.20.1
-
cpe:2.3:a:dynmap_project:dynmap:0.21
-
cpe:2.3:a:dynmap_project:dynmap:0.21.1
-
cpe:2.3:a:dynmap_project:dynmap:0.22
-
cpe:2.3:a:dynmap_project:dynmap:0.22.1
-
cpe:2.3:a:dynmap_project:dynmap:0.25
-
cpe:2.3:a:dynmap_project:dynmap:0.25.1
-
cpe:2.3:a:dynmap_project:dynmap:0.26
-
cpe:2.3:a:dynmap_project:dynmap:0.27
-
cpe:2.3:a:dynmap_project:dynmap:0.28
-
cpe:2.3:a:dynmap_project:dynmap:0.29
-
cpe:2.3:a:dynmap_project:dynmap:0.29.1
-
cpe:2.3:a:dynmap_project:dynmap:0.29.2
-
cpe:2.3:a:dynmap_project:dynmap:0.30
-
cpe:2.3:a:dynmap_project:dynmap:0.30.1
-
cpe:2.3:a:dynmap_project:dynmap:0.31
-
cpe:2.3:a:dynmap_project:dynmap:0.32
-
cpe:2.3:a:dynmap_project:dynmap:0.33
-
cpe:2.3:a:dynmap_project:dynmap:0.34
-
cpe:2.3:a:dynmap_project:dynmap:0.35
-
cpe:2.3:a:dynmap_project:dynmap:0.36
-
cpe:2.3:a:dynmap_project:dynmap:0.36.1
-
cpe:2.3:a:dynmap_project:dynmap:0.36.2
-
cpe:2.3:a:dynmap_project:dynmap:0.36.3
-
cpe:2.3:a:dynmap_project:dynmap:0.37
-
cpe:2.3:a:dynmap_project:dynmap:0.38
-
cpe:2.3:a:dynmap_project:dynmap:0.39
-
cpe:2.3:a:dynmap_project:dynmap:0.40
-
cpe:2.3:a:dynmap_project:dynmap:0.50
-
cpe:2.3:a:dynmap_project:dynmap:0.60
-
cpe:2.3:a:dynmap_project:dynmap:0.70
-
cpe:2.3:a:dynmap_project:dynmap:0.70.1
-
cpe:2.3:a:dynmap_project:dynmap:0.70.2
-
cpe:2.3:a:dynmap_project:dynmap:0.70.3
-
cpe:2.3:a:dynmap_project:dynmap:0.80
-
cpe:2.3:a:dynmap_project:dynmap:0.90
-
cpe:2.3:a:dynmap_project:dynmap:1.0
-
cpe:2.3:a:dynmap_project:dynmap:1.1
-
cpe:2.3:a:dynmap_project:dynmap:1.2
-
cpe:2.3:a:dynmap_project:dynmap:1.3
-
cpe:2.3:a:dynmap_project:dynmap:1.4
-
cpe:2.3:a:dynmap_project:dynmap:1.5
-
cpe:2.3:a:dynmap_project:dynmap:1.7
-
cpe:2.3:a:dynmap_project:dynmap:1.8
-
cpe:2.3:a:dynmap_project:dynmap:1.9.1
-
cpe:2.3:a:dynmap_project:dynmap:1.9.2
-
cpe:2.3:a:dynmap_project:dynmap:1.9.3
-
cpe:2.3:a:dynmap_project:dynmap:1.9.4
-
cpe:2.3:a:dynmap_project:dynmap:2.0.0
-
cpe:2.3:a:dynmap_project:dynmap:2.1
-
cpe:2.3:a:dynmap_project:dynmap:2.2
-
cpe:2.3:a:dynmap_project:dynmap:2.3
-
cpe:2.3:a:dynmap_project:dynmap:2.4
-
cpe:2.3:a:dynmap_project:dynmap:2.5
-
cpe:2.3:a:dynmap_project:dynmap:3.0