Candidate: CVE-2019-3992
PublicDate: 2019-12-17 22:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3992
 https://www.tenable.com/security/research/tra-2019-53
Description:
 ELOG 3.1.4-57bea22 and below is affected by an information disclosure
 vulnerability. A remote unauthenticated attacker can access the server's
 configuration file by sending an HTTP GET request. Amongst the
 configuration data, the attacker may gain access to valid admin usernames
 and, in older versions of ELOG, passwords.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_elog:
upstream_elog: needs-triage
precise/esm_elog: DNE
trusty_elog: ignored (out of standard support)
trusty/esm_elog: DNE
xenial_elog: ignored (end of standard support, was needs-triage)
bionic_elog: needs-triage
disco_elog: ignored (reached end-of-life)
eoan_elog: ignored (reached end-of-life)
focal_elog: needs-triage
groovy_elog: ignored (reached end-of-life)
hirsute_elog: ignored (reached end-of-life)
impish_elog: needs-triage
jammy_elog: needs-triage
devel_elog: DNE