CVE-2019-13023

MEDIUM

Jetstream Jetselect - Information Disclosure

Title source: rule

Description

An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

References (1)

[Third Party Advisory] https://labs.nettitude.com/blog/cve-2019-13021-22-23-jetselect-network-segregation-application/

Scores

CVSS v3 6.5

EPSS 0.0027

EPSS Percentile 50.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-200

Status published

Affected Products (1)

jetstream/jetselect

Timeline

Published May 14, 2020

Tracked Since Feb 18, 2026