Lucene search

[email protected]CVE-2019-25060

HistoryMay 09, 2022 - 5:15 p.m.

CVE-2019-25060

2022-05-0917:15:00

CWE-284

[email protected]

web.nvd.nist.gov

2097

wpgraphql

wordpress

plugin

cve-2019-25060

security vulnerability

remote attack

information disclosure

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

47.0%

JSON

The WPGraphQL WordPress plugin before 0.3.5 doesn’t properly restrict access to information about other users’ roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site.

CPENameOperatorVersion
wpgraphql:wpgraphqlwpgraphqllt0.3.5

CPE	Name	Operator	Version
wpgraphql:wpgraphql	wpgraphql	lt	0.3.5

References

github.com/wp-graphql/wp-graphql/pull/900

wpscan.com/vulnerability/393be73a-f8dc-462f-8670-f20ab89421fc

Social References

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

47.0%

JSON

Related for CVE-2019-25060

prion1 osv2 cnvd1 github1