正文

Apache Jackrabbit Oak 信息泄露漏洞

admin
admin V管理员 /0 评论 /11 阅读
0302
此篇文章发布距今已超过1163天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Apache Jackrabbit Oak 信息泄露漏洞

  • CNNVD编号:CNNVD-202001-1250
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2020-1940
  • 漏洞类型: 信息泄露
  • 发布时间: 2020-01-28
  • 威胁类型: 远程
  • 更新时间: 2021-07-26
  • 厂        商:
  • 漏洞来源:

漏洞简介

Apache Jackrabbit Oak 1.2.0至1.22.0版本中的初始密码更改和密码日期失效功能存在信息泄露漏洞。攻击者可利用该漏洞获取新的密码。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

http://jackrabbit.apache.org/oak/docs/security/reports.html

参考网址

来源:lists.apache.org

链接:https://lists.apache.org/thread.html/ra6b3e78f5ed545c1d859d664f66c6d3fc5d731d9b1d842349654e4f0@%3Ccommits.jackrabbit.apache.org%3E

来源:lists.apache.org

链接:https://lists.apache.org/thread.html/r601637e38ee743e845856a4e24915cb8db26ae80ca782bef91989cbc@%3Coak-commits.jackrabbit.apache.org%3E

来源:lists.apache.org

链接:https://lists.apache.org/thread.html/ra295f919586b19def7cc7713d9d78595507d5f703362fccb779eeeb9@%3Coak-commits.jackrabbit.apache.org%3E

来源:lists.apache.org

链接:https://lists.apache.org/thread.html/rccc0ed467faa35734ea16b8f5de5603e708936c41a4eddd90fddeaf0%40%3Cusers.jackrabbit.apache.org%3E

来源:lists.apache.org

链接:https://lists.apache.org/thread.html/rb3023cfd45441b570c1abaa347d0cac78df97b5d3f27d674d01b3d2a@%3Ccommits.jackrabbit.apache.org%3E

来源:lists.apache.org

链接:https://lists.apache.org/thread.html/rccc0ed467faa35734ea16b8f5de5603e708936c41a4eddd90fddeaf0@%3Cannounce.jackrabbit.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/rba884dbe733781cbaaffa28b77bc37a6a9f948b3a72a1bdad5e1587c@%3Ccommits.jackrabbit.apache.org%3E

来源:MLIST

链接:http://www.openwall.com/lists/oss-security/2020/01/28/1

来源:MLIST

链接:https://lists.apache.org/thread.html/r45b0e2fb6ac51c5a03952b08b5e0efde1249ecb809884cc87eb0bd99@%3Ccommits.jackrabbit.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/rc35a57ecdeae342d46f729d6bc9750ba860c101f450cc171798dba28@%3Coak-commits.jackrabbit.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r3da8e2fd253ecd4d3a0de71ce255631148b54be8500225b5812f7737@%3Coak-commits.jackrabbit.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/rbef4701b5ce4d827182e70ad7b4d987a9157682ba3643e05a9ef5a7b@%3Ccommits.jackrabbit.apache.org%3E

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2020-1940

受影响实体

    暂无


补丁

  • Apache Jackrabbit Oak 信息泄露漏洞的修复措施
    <!--
    2020-1-28
    -->