Lucene search

MitreCVE-2019-19805

HistoryDec 30, 2019 - 6:15 p.m.

CVE-2019-19805

2019-12-3018:15:16

CWE-203

mitre

web.nvd.nist.gov

cve-2019-19805

security vulnerability

account enumeration

timing attack

mfscripts

yetishare

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

35.9%

JSON

_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses.

Affected configurations

Nvd

Node

mfscriptsyetishareRange3.5.2–4.5.3

VendorProductVersionCPE
mfscriptsyetishare*cpe:2.3:a:mfscripts:yetishare:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mfscripts	yetishare	*	cpe:2.3:a:mfscripts:yetishare::::::::

References

medium.com/%40jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

35.9%

JSON

Related for CVE-2019-19805