Lucene search

GoogleOSV:CVE-2024-29886

HistoryMar 27, 2024 - 7:15 p.m.

CVE-2024-29886

2024-03-2719:15:49

Google

osv.dev

serverpod

app

vulnerability

fixed

password hash algorithm

compromise

rainbow attacks

database

flutter

dart

ecosystem

software

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6.

CPENameOperatorVersion
serverpodeq0.9.18
serverpodeq0.9.16
serverpodeq1.2.0-rc.2
serverpodeq0.8.6
serverpodeq0.9.8
serverpodeq0.9.19
serverpodeq1.2.0-rc.4
serverpodeq1.0.0
serverpodeq0.9.7
serverpodeq0.8.3

Name	Operator	Version
serverpod	eq	0.9.18
serverpod	eq	0.9.16
serverpod	eq	1.2.0-rc.2
serverpod	eq	0.8.6
serverpod	eq	0.9.8
serverpod	eq	0.9.19
serverpod	eq	1.2.0-rc.4
serverpod	eq	1.0.0
serverpod	eq	0.9.7
serverpod	eq	0.8.3

Rows per page:

1-10 of 231

References

github.com/serverpod/serverpod/commit/a78b9e9f1de74d1300633a122b6cc0f064139ad6

github.com/serverpod/serverpod/security/advisories/GHSA-r75m-26cq-mjxc

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for OSV:CVE-2024-29886