Vulnerability Details CVE-2019-13421
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.4%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
References
- https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1
- https://search-guard.com/cve-advisory/
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt
- https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1
- https://search-guard.com/cve-advisory/
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt
Products affected by CVE-2019-13421
-
cpe:2.3:a:search-guard:search_guard:-
-
cpe:2.3:a:search-guard:search_guard:1
-
cpe:2.3:a:search-guard:search_guard:21.0
-
cpe:2.3:a:search-guard:search_guard:22.3
-
cpe:2.3:a:search-guard:search_guard:23.0
-
cpe:2.3:a:search-guard:search_guard:4.6.0-1
-
cpe:2.3:a:search-guard:search_guard:4.6.0-2
-
cpe:2.3:a:search-guard:search_guard:5.0.2-1
-
cpe:2.3:a:search-guard:search_guard:5.0.2-2
-
cpe:2.3:a:search-guard:search_guard:5.1.1-1
-
cpe:2.3:a:search-guard:search_guard:5.1.1-2
-
cpe:2.3:a:search-guard:search_guard:5.1.2-1
-
cpe:2.3:a:search-guard:search_guard:5.1.2-2
-
cpe:2.3:a:search-guard:search_guard:5.2.0-1
-
cpe:2.3:a:search-guard:search_guard:5.2.0-2
-
cpe:2.3:a:search-guard:search_guard:5.2.0-3
-
cpe:2.3:a:search-guard:search_guard:5.2.1-1
-
cpe:2.3:a:search-guard:search_guard:5.2.1-2
-
cpe:2.3:a:search-guard:search_guard:5.2.1-3
-
cpe:2.3:a:search-guard:search_guard:5.2.2
-
cpe:2.3:a:search-guard:search_guard:5.2.2-1
-
cpe:2.3:a:search-guard:search_guard:5.2.2-2
-
cpe:2.3:a:search-guard:search_guard:5.2.2-3
-
cpe:2.3:a:search-guard:search_guard:5.3.0-1
-
cpe:2.3:a:search-guard:search_guard:5.3.0-2
-
cpe:2.3:a:search-guard:search_guard:5.3.0-3
-
cpe:2.3:a:search-guard:search_guard:5.3.1-2
-
cpe:2.3:a:search-guard:search_guard:5.3.1-3
-
cpe:2.3:a:search-guard:search_guard:5.3.2-2
-
cpe:2.3:a:search-guard:search_guard:5.3.2-3
-
cpe:2.3:a:search-guard:search_guard:5.3.3-3
-
cpe:2.3:a:search-guard:search_guard:5.4.0
-
cpe:2.3:a:search-guard:search_guard:5.4.0-3
-
cpe:2.3:a:search-guard:search_guard:5.4.0-4
-
cpe:2.3:a:search-guard:search_guard:5.4.1-3
-
cpe:2.3:a:search-guard:search_guard:5.4.1-4
-
cpe:2.3:a:search-guard:search_guard:5.4.2-3
-
cpe:2.3:a:search-guard:search_guard:5.4.2-4
-
cpe:2.3:a:search-guard:search_guard:5.4.3
-
cpe:2.3:a:search-guard:search_guard:5.4.3-3
-
cpe:2.3:a:search-guard:search_guard:5.4.3-4
-
cpe:2.3:a:search-guard:search_guard:5.5.0-3
-
cpe:2.3:a:search-guard:search_guard:5.5.0-4
-
cpe:2.3:a:search-guard:search_guard:5.5.1-3
-
cpe:2.3:a:search-guard:search_guard:5.5.1-4
-
cpe:2.3:a:search-guard:search_guard:5.5.2-4
-
cpe:2.3:a:search-guard:search_guard:5.5.3-4
-
cpe:2.3:a:search-guard:search_guard:5.6.0-4
-
cpe:2.3:a:search-guard:search_guard:5.6.0-5
-
cpe:2.3:a:search-guard:search_guard:5.6.2-4
-
cpe:2.3:a:search-guard:search_guard:5.6.2-5
-
cpe:2.3:a:search-guard:search_guard:5.6.3-4
-
cpe:2.3:a:search-guard:search_guard:5.6.3-5
-
cpe:2.3:a:search-guard:search_guard:5.6.4-5
-
cpe:2.3:a:search-guard:search_guard:5.6.5-5
-
cpe:2.3:a:search-guard:search_guard:5.6.6-5
-
cpe:2.3:a:search-guard:search_guard:5.6.7-6
-
cpe:2.3:a:search-guard:search_guard:5.6.8-6
-
cpe:2.3:a:search-guard:search_guard:5.6.8-7
-
cpe:2.3:a:search-guard:search_guard:6.1.0-10
-
cpe:2.3:a:search-guard:search_guard:6.1.0-8
-
cpe:2.3:a:search-guard:search_guard:6.1.1-10
-
cpe:2.3:a:search-guard:search_guard:6.1.1-12
-
cpe:2.3:a:search-guard:search_guard:6.1.1-9
-
cpe:2.3:a:search-guard:search_guard:6.1.2-10
-
cpe:2.3:a:search-guard:search_guard:6.1.2-12
-
cpe:2.3:a:search-guard:search_guard:6.1.2-9
-
cpe:2.3:a:search-guard:search_guard:6.1.3-10
-
cpe:2.3:a:search-guard:search_guard:6.1.3-12
-
cpe:2.3:a:search-guard:search_guard:6.1.3-9
-
cpe:2.3:a:search-guard:search_guard:6.1.4-12
-
cpe:2.3:a:search-guard:search_guard:6.2.1-10
-
cpe:2.3:a:search-guard:search_guard:6.2.1-12
-
cpe:2.3:a:search-guard:search_guard:6.2.1-14
-
cpe:2.3:a:search-guard:search_guard:6.2.1-15
-
cpe:2.3:a:search-guard:search_guard:6.2.2-10
-
cpe:2.3:a:search-guard:search_guard:6.2.2-12
-
cpe:2.3:a:search-guard:search_guard:6.2.2-14
-
cpe:2.3:a:search-guard:search_guard:6.2.2-15
-
cpe:2.3:a:search-guard:search_guard:6.2.3-12
-
cpe:2.3:a:search-guard:search_guard:6.2.3-14
-
cpe:2.3:a:search-guard:search_guard:6.2.3-15
-
cpe:2.3:a:search-guard:search_guard:6.2.4-14
-
cpe:2.3:a:search-guard:search_guard:6.2.4-15
-
cpe:2.3:a:search-guard:search_guard:6.3.0-14
-
cpe:2.3:a:search-guard:search_guard:6.3.0-16
-
cpe:2.3:a:search-guard:search_guard:6.3.1-14
-
cpe:2.3:a:search-guard:search_guard:6.3.1-15
-
cpe:2.3:a:search-guard:search_guard:6.3.1-16
-
cpe:2.3:a:search-guard:search_guard:6.3.2-14
-
cpe:2.3:a:search-guard:search_guard:6.3.2-15
-
cpe:2.3:a:search-guard:search_guard:6.3.2-16
-
cpe:2.3:a:search-guard:search_guard:6.4.0-15
-
cpe:2.3:a:search-guard:search_guard:6.4.0-16
-
cpe:2.3:a:search-guard:search_guard:6.4.1-16
-
cpe:2.3:a:search-guard:search_guard:6.4.2-16
-
cpe:2.3:a:search-guard:search_guard:6.4.3-16
-
cpe:2.3:a:search-guard:search_guard:6.5.1-16
-
cpe:2.3:a:search-guard:search_guard:6.5.3-16