CVE-2013-1814: Exposure of Sensitive Information to an Unauthorized Actor
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
References
- archives.neohapsis.com/archives/bugtraq/2013-03/0078.html
- www.exploit-db.com/exploits/24744/
- github.com/advisories/GHSA-428j-q447-47rw
- github.com/apache/rave/commit/546edbaacfcb7b3fcc81aafe37a5c58e401b66c6
- nvd.nist.gov/vuln/detail/CVE-2013-1814
- web.archive.org/web/20130512040207/http://archives.neohapsis.com/archives/bugtraq/2013-03/0078.html