Vulnerability Description
In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check in servlet/MapStorageHandler.java, an attacker can view map images without logging in, even if the victim has enabled login-required in the settings.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dynmap Project | Dynmap | < 3.0 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN89046645/index.html (Third Party Advisory)
- https://github.com/webbukkit/dynmap/commit/641f142cd3ccdcbfb04eda3059be22dd9ed93 (Patch, Third Party Advisory)
- https://github.com/webbukkit/dynmap/issues/2474 (Exploit, Issue Tracking, Third Party Advisory)
- https://github.com/webbukkit/dynmap/pull/2475 (Patch, Third Party Advisory)
FAQ
What is CVE-2019-12395?
CVE-2019-12395 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check in servlet/MapStorageHandler.java, an attacker can view map images without logging in, even if the victim has enabled login-required in the settings.
How severe is CVE-2019-12395?
CVE-2019-12395 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-12395?
Check the references section above for vendor advisories and patch information. Affected products include: Dynmap Project Dynmap.