Lucene search

GitHub_MCVELIST:CVE-2024-29886

HistoryMar 27, 2024 - 6:42 p.m.

CVE-2024-29886 Improved security for stored password hashes

2024-03-2718:42:45

CWE-916

GitHub_M

www.cve.org

cve-2024-29886

serverpod

password hashes

vulnerability

rainbow attacks

database compromise

algorithm update

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6.

CNA Affected

[
  {
    "vendor": "serverpod",
    "product": "serverpod",
    "versions": [
      {
        "version": "< 1.2.6",
        "status": "affected"
      }
    ]
  }
]

References

github.com/serverpod/serverpod/commit/a78b9e9f1de74d1300633a122b6cc0f064139ad6

github.com/serverpod/serverpod/security/advisories/GHSA-r75m-26cq-mjxc

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-29886