CVE-2019-8919

{"id": "CVE-2019-8919", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-02-18T20:29:00.327", "references": [{"url": "https://github.com/haiwen/seadroid/issues/789", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/haiwen/seadroid/issues/789", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-330"}]}], "descriptions": [{"lang": "en", "value": "The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks."}, {"lang": "es", "value": "La aplicaci\u00f3n seadroid (tambi\u00e9n conocida como Seafile Android Client), hasta la versi\u00f3n 2.2.13 para Android siempre utiliza el mismo vector de inicializaci\u00f3n (IV) con el modo Cipher Block Chaining (CBC) para cifrar datos privados, facilitando los ataques de texto plano escogido o de diccionario."}], "lastModified": "2024-11-21T04:50:39.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:seafile:seadroid:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "F696D986-C3C7-4134-A319-624F1C5F4483", "versionEndIncluding": "2.2.13"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}