Lucene search

[email protected]CVE-2024-29886

HistoryMar 27, 2024 - 7:15 p.m.

CVE-2024-29886

2024-03-2719:15:49

CWE-916

[email protected]

web.nvd.nist.gov

serverpod

rainbow attacks

password hash

vulnerability

fixed version

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6.

Affected configurations

Vulners

Node

serverpodserverpodRange<1.2.6

CNA Affected

[
  {
    "vendor": "serverpod",
    "product": "serverpod",
    "versions": [
      {
        "version": "< 1.2.6",
        "status": "affected"
      }
    ]
  }
]

References

github.com/serverpod/serverpod/commit/a78b9e9f1de74d1300633a122b6cc0f064139ad6

github.com/serverpod/serverpod/security/advisories/GHSA-r75m-26cq-mjxc

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-29886

nvd1 cvelist1 github1 osv2