How severe is CVE-2019-19687?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2019-19687?

This is classified as CWE-522, which is a common weakness in software security.

CVE-2019-19687 - HIGH Severity | CVSS 8.8

Vulnerability Description

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)

Related Vulnerabilities

CVE-2016-9593

HIGH

CVSS:8.8(High)

foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those s...

CWE-5222016

CVE-2017-15656

HIGH

CVSS:8.8(High)

Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.

CWE-5222017

CVE-2017-7547

HIGH

CVSS:8.8(High)

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by ...

CWE-5222017

CVE-2018-1000610

HIGH

CVSS:8.8(High)

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionCo...

CWE-5222018

CVE-2018-10286

HIGH

CVSS:8.8(High)

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certai...

CWE-5222018

CVE-2018-4190

HIGH

CVSS:8.8(High)

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected....

CWE-5222018