CVE-2019-14860

Name
CVE-2019-14860
Description
It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14860
Vendor Advisory https://access.redhat.com/errata/RHSA-2019:3892

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:redhat:fuse:*:*:*:*:*:*:*:* fuse >= None < 7.5.0
cpe:2.3:a:redhat:syndesis:-:*:*:*:*:*:*:* syndesis == None == -

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
fuse 3.14-main 2.9.9-r1 Natanael Copa <ncopa@alpinelinux.org> fixed
fuse 3.13-main 2.9.9-r1 Natanael Copa <ncopa@alpinelinux.org> fixed
fuse 3.12-main 2.9.9-r1 Natanael Copa <ncopa@alpinelinux.org> fixed
fuse 3.11-main 2.9.8-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
fuse 3.15-main 2.9.9-r1 Natanael Copa <ncopa@alpinelinux.org> fixed
fuse 3.16-main 2.9.9-r1 Natanael Copa <ncopa@alpinelinux.org> fixed
fuse 3.17-main 2.9.9-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
fuse 3.18-main 2.9.9-r4 Natanael Copa <ncopa@alpinelinux.org> fixed
fuse 3.19-main 2.9.9-r5 Natanael Copa <ncopa@alpinelinux.org> fixed
fuse 3.20-main 2.9.9-r5 Natanael Copa <ncopa@alpinelinux.org> fixed
fuse edge-community 2.9.9-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable