Is CVE-2019-12105 actively exploited?

CVE-2019-12105 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2019-12105?

CVE-2019-12105 has a CVSS score of 8.2 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H.

How do I patch CVE-2019-12105?

Patch guidance is available from supervisord security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2019-12105.

Which products are affected by CVE-2019-12105?

1 product: supervisord supervisor.

Fix CVE-2019-12105 - HIGH supervisord supervisor

Description

In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The maintainer indicated the ability to run an open server will not be removed but an additional warning was added to the documentation

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: high
Weaknesses: CWE-306 · Missing Authentication

Metadata

Primary Vendor: SUPERVISORD
Published: 9/10/2019
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2019-12105

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary