Home > Vulnerability Database > WS-2018-0631

Mend.io Vulnerability Database

WS-2018-0631

Good to know:

Date: February 2, 2018

In “cockroachdb/cockroach”, v1.2-alpha.20171211 to v2.0-alpha.20180129 allow the setting of a user's password in an insecure mode, thus risking the confidealty.

Language: Go

Severity Score

4.3

Related Resources (2)

Url: https://github.com/cockroachdb/cockroach/commit/1a95e808e214a30c649df71580e60008bede6406

Url: https://www.mend.io/vulnerability-database/WS-2018-0631

Severity Score

4.3

Weakness Type (CWE)

Insufficiently Protected Credentials

CWE-522

Top Fix

Upgrade Version

Upgrade to version v2.0-alpha.20180205

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2018-0631

Good to know:

Date: February 2, 2018

Language: Go

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?