CVE-2019-12105
PUBLISHED
CVSS 8.2 HIGH
In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default, but if the user enables it and does not set a password, Supervisor logs a warning message. The maintainer indicated the ability to run an open server will not be removed, but an additional warning was added to the documentation.
EPSS 1.53% · 81.6th percentile
Risk Scores
CVSS v3.1
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
EPSS Score
1.53%
81.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| supervisord | supervisor | 0 |
| n/a | n/a | n/a |
Timeline
- Sep 10, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
References
- https://github.com/Supervisor/supervisor/commit/4e334d9cf2a1daff685893e35e72398437df3dcb url
- https://github.com/Supervisor/supervisor/issues/1245 url
- http://supervisord.org/configuration.html#inet-http-server-section-settings url
- https://nvd.nist.gov/vuln/detail/CVE-2019-12105 advisory
- http://supervisord.org/configuration.html#supervisorctl-section-settings url