CVE-2019-13421

CVE-2019-13421

Vendor Floragunn
Product Search Guard
Weakness CWE-522 · Insufficiently protected credentials
Published August 23, 2019
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.

Key dates

02Disclosure timeline

August 23, 2019 CVE published
August 4, 2024 Record updated