CVE-2013-1814
Description
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
87.152
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2013-1814 is fixed in Apache-rave-core 0.20.1 | Windows |
| CVE-2013-1814 is fixed in Apache-rave-portal-resources 0.20.1 | Windows |
| CVE-2013-1814 is fixed in Apache-rave-web 0.20.1 | Windows |
| CVE-2013-1814 is fixed in Apache-rave-core for Linux 0.20.1 | Linux |
| CVE-2013-1814 is fixed in Apache-rave-portal-resources for Linux 0.20.1 | Linux |
| CVE-2013-1814 is fixed in Apache-rave-web for Linux 0.20.1 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234