CVE-2019-13421

MEDIUM

search-guard < 23.1 - Authenticated Insufficiently Protected Credentials

Title source: llm

Description

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

https://search-guard.com/cve-advisory/

Release Notes x_refsource_confirm

https://docs.search-guard.com/6.x-23/changelog-searchguard-6-x-23_1

Exploit, Third Party Advisory x_refsource_misc

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SySS-2018-025.txt

Scores

CVSS v3 4.9

EPSS 0.0113

EPSS Percentile 62.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200 CWE-522

Status published

Products (1)

search-guard/search_guard < 23.1

Published Aug 23, 2019

Tracked Since Feb 18, 2026