CVE-2019-19627
MEDIUMSROS2 0.8.1 - Exposure of Sensitive Information via ROS 2 Node Data Leak
Title source: llmDescription
SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.)
References (5)
Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/aliasrobotics/RVD/issues/922
Third Party Advisory x_refsource_misc
https://github.com/ros2/sros2/issues/172
Third Party Advisory x_refsource_misc
https://asciinema.org/a/yuGkBlaPC33wqL4qABRlgxBkd
Vendor Advisory x_refsource_misc
https://ros-swg.github.io/ROSCon19_Security_Workshop/
Third Party Advisory x_refsource_misc
https://github.com/ros-swg/turtlebot3_demo
Scores
CVSS v3
5.3
EPSS
0.0215
EPSS Percentile
79.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
ros/sros2
0.8.1
Published
Dec 06, 2019
Tracked Since
Feb 18, 2026