Maven package
org.apache.rave/rave-core
pkg:maven/org.apache.rave/rave-core
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2013-1814 | — | >= 0.11, < 0.20.1 | 0.20.1 | Mar 14, 2013 | The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response. |
- CVE-2013-1814Mar 14, 2013affected >= 0.11, < 0.20.1fixed 0.20.1
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.