CVE-2018-5559
CVE-2018-5559 is a vulnerability of currently unknown severity. In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions. EPSS estimates a 0.62% chance of exploitation in the next 30 days.
Description
In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rapid7 | Komand | <= 0.41.0 |
References
- https://docs.komand.com/docs/release-notes#section-komand-v0-42-0-2018-11-1 (Release Notes, Vendor Advisory)
- https://www.alexanderjaeger.de/cve-2018-5559_my_first_cve/ (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
