CVE-2019-13348 affects Knowage version 6.1.1. Authenticated users can access datasources and view unencrypted credentials, including those for databases.
Knowage through version 6.1.1 allows authenticated users to access datasources and view clear and unencrypted credentials, including database information.
Understanding CVE-2019-13348
This CVE highlights a vulnerability in Knowage that exposes sensitive credentials to authenticated users.
What is CVE-2019-13348?
In Knowage version 6.1.1, authenticated users accessing the datasources page can retrieve unencrypted credentials for all data sources, such as databases.
The Impact of CVE-2019-13348
The vulnerability poses a significant security risk as it allows unauthorized access to sensitive information, potentially leading to data breaches and unauthorized data manipulation.
Technical Details of CVE-2019-13348
Knowage through version 6.1.1 is affected by a flaw that exposes clear and unencrypted credentials to authenticated users.
Vulnerability Description
When authenticated users open the datasources page, they can view the stored credentials in cleartext, compromising the security of the system.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability can be exploited by authenticated users with access to the datasources page, allowing them to retrieve sensitive credentials in unencrypted form.
Mitigation and Prevention
To address CVE-2019-13348, immediate actions and long-term security practices are recommended.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Ensure timely installation of security patches and updates provided by Knowage to fix the vulnerability.
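As an added illustration of the exposure described above (not Knowage's code; the JSON field names and the sample response are assumptions constructed for this example), the following Python check flags credential values present in a datasource listing response and produces a redacted form that reports only whether a secret is set.

```python
import json
import re

# Key names treated as secrets (hypothetical; adapt to the real schema).
SECRET_KEYS = {"pwd", "password", "passwd", "secret"}
# Secrets can also sit inside a connection URL as a query parameter.
URL_SECRET = re.compile(r"(?i)\b(password|pwd)=([^&;]+)")

# Constructed sample; field names are assumptions, not Knowage's real format.
SAMPLE_RESPONSE = json.dumps({"root": [
    {"label": "sales_dwh", "user": "report_ro", "pwd": "Constructed-Secret-1",
     "urlConnection": "jdbc:mysql://db.example.internal/sales"},
    {"label": "legacy", "user": "", "pwd": "", "urlConnection":
     "jdbc:mysql://db.example.internal/old?user=app&password=Constructed-Secret-2"},
]})

def find_cleartext_secrets(node, path="$"):
    """Return the JSON paths at which a response carries a secret value."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() in SECRET_KEYS:
                hits += [child] if value else []  # an empty field leaks nothing
            else:
                hits.extend(find_cleartext_secrets(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_cleartext_secrets(item, f"{path}[{i}]"))
    elif isinstance(node, str) and URL_SECRET.search(node):
        hits.append(path)
    return hits

def redact(node):
    """Return a copy fit for a client: secret values are never included."""
    if isinstance(node, dict):
        return {(k + "Set" if k.lower() in SECRET_KEYS else k):
                (bool(v) if k.lower() in SECRET_KEYS else redact(v))
                for k, v in node.items()}
    if isinstance(node, list):
        return [redact(item) for item in node]
    if isinstance(node, str):
        return URL_SECRET.sub(r"\1=", node)  # keep the parameter name only
    return node

if __name__ == "__main__":
    body = json.loads(SAMPLE_RESPONSE)
    print("exposed:", find_cleartext_secrets(body))
    print("after redaction:", find_cleartext_secrets(redact(body)))
```

The same finder can run in an integration test against captured responses so that a regression returning secrets to the client fails the build.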