CVE-2019-3913
Published 2019-01-30
Priority P4 · 23 · medium · 4.9 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.74% (74.9th percentile)
Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| labkey | labkey_server | < 18.3.0-61806.763 | 18.3.0-61806.763 |
| tenable | labkey_server_community_edition | — | — |
CVSS provenance
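| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |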
No detection rules found.
No public exploits indexed.
Tenable
Multiple Vulnerabilities Found in LabKey Server Community Edition
blogs_tenable·2019-01-24·CVSS 6.1
[MEDIUM] Multiple Vulnerabilities Found in LabKey Server Community Edition
# Multiple Vulnerabilities Found in LabKey Server Community Edition
Tenable Research
January 24, 2019
Tenable Research has discovered multiple vulnerabilities including cross site scripting, open redirects and drive mapping in LabKey Server Community Edition 18.2-60106.64. LabKey has released patches.
### Background
LabKey Server, an open source medical data collaboration tool, is vulnerable to multiple cross site scripting (XSS) attacks. The flaws allow a remote unauthenticated attacker to run arbitrary code through their browser, create open redirects to push users to malicious URLs, and map malicious network drives after gaining administrative access.
### Analysis
#### CVE-2019-3911: Cross Site Scripting vulnerabilities
Query functions are
Tenable
LabKey Server Community Edition Multiple Vulnerabilities
blogs_tenable·2019-01-24