How severe is CVE-2019-13423?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2019-13423?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2019-13423 - HIGH Severity | CVSS 8.8

Vulnerability Description

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time

Related Vulnerabilities

CVE-2012-3462

HIGH

CVSS:8.8(High)

A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of...

CWE-2872012

CVE-2013-4863

HIGH

CVSS:8.8(High)

The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 4...

CWE-2872013

CVE-2013-7051

HIGH

CVSS:8.8(High)

D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters

CWE-2872013

CVE-2015-2880

HIGH

CVSS:8.8(High)

TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.

CWE-2872015

CVE-2015-6397

HIGH

CVSS:8.8(High)

Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that accou...

CWE-2872015

CVE-2015-8332

HIGH

CVSS:8.8(High)

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and pe...

CWE-2872015