cve-2019-19234
Vulnerability from cvelistv5
Published
2019-12-19 20:35
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sudo.ws/stable.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sudo.ws/devel.html#1.8.30b2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200103-0004/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=LIN1018-5505"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58473"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58812"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58979"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58772"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs60748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/plugins/nessus/132985"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=LIN1019-3816"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2019-19234"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.suse.com/security/cve/CVE-2019-19234/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/12/warnmeldung_cb-k20-0001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2019-19234"
},
{
"name": "FEDORA-2020-8b563bc5f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/"
},
{
"name": "FEDORA-2020-7c1b270959",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/bulletinapr2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T13:02:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sudo.ws/stable.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sudo.ws/devel.html#1.8.30b2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200103-0004/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=LIN1018-5505"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58473"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58812"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58979"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58772"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs60748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/plugins/nessus/132985"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=LIN1019-3816"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2019-19234"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.suse.com/security/cve/CVE-2019-19234/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/12/warnmeldung_cb-k20-0001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/security/cve/cve-2019-19234"
},
{
"name": "FEDORA-2020-8b563bc5f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/"
},
{
"name": "FEDORA-2020-7c1b270959",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/security-alerts/bulletinapr2020.html"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sudo.ws/stable.html",
"refsource": "MISC",
"url": "https://www.sudo.ws/stable.html"
},
{
"name": "https://www.sudo.ws/devel.html#1.8.30b2",
"refsource": "CONFIRM",
"url": "https://www.sudo.ws/devel.html#1.8.30b2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200103-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200103-0004/"
},
{
"name": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=LIN1018-5505",
"refsource": "MISC",
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=LIN1018-5505"
},
{
"name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58104",
"refsource": "MISC",
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58104"
},
{
"name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58473",
"refsource": "MISC",
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58473"
},
{
"name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58812",
"refsource": "MISC",
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58812"
},
{
"name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58979",
"refsource": "MISC",
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58979"
},
{
"name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58772",
"refsource": "MISC",
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58772"
},
{
"name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs60748",
"refsource": "MISC",
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs60748"
},
{
"name": "https://www.tenable.com/plugins/nessus/132985",
"refsource": "MISC",
"url": "https://www.tenable.com/plugins/nessus/132985"
},
{
"name": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=LIN1019-3816",
"refsource": "MISC",
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=LIN1019-3816"
},
{
"name": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2019-19234",
"refsource": "CONFIRM",
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2019-19234"
},
{
"name": "https://www.suse.com/security/cve/CVE-2019-19234/",
"refsource": "CONFIRM",
"url": "https://www.suse.com/security/cve/CVE-2019-19234/"
},
{
"name": "https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/12/warnmeldung_cb-k20-0001.html",
"refsource": "MISC",
"url": "https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/12/warnmeldung_cb-k20-0001.html"
},
{
"name": "https://access.redhat.com/security/cve/cve-2019-19234",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/cve/cve-2019-19234"
},
{
"name": "FEDORA-2020-8b563bc5f4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/"
},
{
"name": "FEDORA-2020-7c1b270959",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/"
},
{
"name": "https://www.oracle.com/security-alerts/bulletinapr2020.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/security-alerts/bulletinapr2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19234",
"datePublished": "2019-12-19T20:35:02",
"dateReserved": "2019-11-22T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-19234\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-12-19T21:15:13.823\",\"lastModified\":\"2024-11-21T04:34:23.253\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash\"},{\"lang\":\"es\",\"value\":\"** EN DISPUTA ** En Sudo hasta la versi\u00f3n 1.8.29, no se considera el hecho de que un usuario haya sido bloqueado (por ejemplo, al usar el car\u00e1cter! En el archivo de sombra en lugar de un hash de contrase\u00f1a), lo que permite que un atacante (que tiene acceso a una cuenta de sudoer Runas ALL) para suplantar a cualquier usuario bloqueado. NOTA: El responsable del software cree que este CVE no es v\u00e1lido. Deshabilitar la autenticaci\u00f3n de contrase\u00f1a local para un usuario no es lo mismo que deshabilitar todo acceso a ese usuario; el usuario a\u00fan puede iniciar sesi\u00f3n por otros medios (clave ssh, kerberos, etc.). Tanto los manuales Linux shadow (5) como passwd (1) son claros al respecto. De hecho, es un caso de uso v\u00e1lido tener cuentas locales a las que solo se puede acceder mediante sudo y que no se pueden iniciar sesi\u00f3n con una contrase\u00f1a. Sudo 1.8.30 agreg\u00f3 una configuraci\u00f3n opcional para verificar el _shell_ del usuario objetivo (\u00a1no la contrase\u00f1a cifrada!) Contra el contenido de / etc / shells, pero eso no es lo mismo que impedir el acceso a los usuarios con un hash de contrase\u00f1a no v\u00e1lido.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sudo:sudo:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.8.29\",\"matchCriteriaId\":\"E313952C-D529-4DEC-A046-C7A29AFDE26C\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/cve-2019-19234\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58104\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58473\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58772\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58812\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58979\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs60748\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20200103-0004/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2019-19234\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=LIN1018-5505\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=LIN1019-3816\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/12/warnmeldung_cb-k20-0001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/security-alerts/bulletinapr2020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.sudo.ws/devel.html#1.8.30b2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.sudo.ws/stable.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.suse.com/security/cve/CVE-2019-19234/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.tenable.com/plugins/nessus/132985\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/security/cve/cve-2019-19234\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58473\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58772\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58812\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58979\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs60748\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20200103-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2019-19234\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=LIN1018-5505\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=LIN1019-3816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/12/warnmeldung_cb-k20-0001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/bulletinapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.sudo.ws/devel.html#1.8.30b2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.sudo.ws/stable.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.suse.com/security/cve/CVE-2019-19234/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tenable.com/plugins/nessus/132985\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.