{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-06T16:08:27.518","vulnerabilities":[{"cve":{"id":"CVE-2020-1940","sourceIdentifier":"security@apache.org","published":"2020-01-28T17:15:12.193","lastModified":"2024-11-21T05:11:39.760","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed."},{"lang":"es","value":"Las funcionalidades opcionales de cambio de contraseña inicial y caducidad de contraseña presentes en Apache Jackrabbit Oak versiones 1.2.0 hasta 1.22.0, son propensas a una vulnerabilidad de divulgación de información confidencial. El código exige que la contraseña modificada sea pasada como un atributo adicional al objeto de credenciales, pero no la elimina durante el procesamiento en la primera fase de la autenticación. En combinación con mecanismos de autenticación adicionales e independientes, esto puede conllevar a que se revele la nueva contraseña."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-212"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jackrabbit_oak:*:*:*:*:*:*:*:*","versionStartIncluding":"1.2.0","versionEndIncluding":"1.22.0","matchCriteriaId":"0CFA05B8-7B97-4965-988A-AEFF7C719FE3"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2020/01/28/1","source":"security@apache.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r3da8e2fd253ecd4d3a0de71ce255631148b54be8500225b5812f7737%40%3Coak-commits.jackrabbit.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r45b0e2fb6ac51c5a03952b08b5e0efde1249ecb809884cc87eb0bd99%40%3Ccommits.jackrabbit.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r601637e38ee743e845856a4e24915cb8db26ae80ca782bef91989cbc%40%3Coak-commits.jackrabbit.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/ra295f919586b19def7cc7713d9d78595507d5f703362fccb779eeeb9%40%3Coak-commits.jackrabbit.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/ra6b3e78f5ed545c1d859d664f66c6d3fc5d731d9b1d842349654e4f0%40%3Ccommits.jackrabbit.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rb3023cfd45441b570c1abaa347d0cac78df97b5d3f27d674d01b3d2a%40%3Ccommits.jackrabbit.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rba884dbe733781cbaaffa28b77bc37a6a9f948b3a72a1bdad5e1587c%40%3Ccommits.jackrabbit.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rbef4701b5ce4d827182e70ad7b4d987a9157682ba3643e05a9ef5a7b%40%3Ccommits.jackrabbit.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rc35a57ecdeae342d46f729d6bc9750ba860c101f450cc171798dba28%40%3Coak-commits.jackrabbit.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rccc0ed467faa35734ea16b8f5de5603e708936c41a4eddd90fddeaf0%40%3Cannounce.jackrabbit.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rccc0ed467faa35734ea16b8f5de5603e708936c41a4eddd90fddeaf0%40%3Cusers.jackrabbit.apache.org%3E","source":"security@apache.org","tags":["Mailing List","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2020/01/28/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r3da8e2fd253ecd4d3a0de71ce255631148b54be8500225b5812f7737%40%3Coak-commits.jackrabbit.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r45b0e2fb6ac51c5a03952b08b5e0efde1249ecb809884cc87eb0bd99%40%3Ccommits.jackrabbit.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r601637e38ee743e845856a4e24915cb8db26ae80ca782bef91989cbc%40%3Coak-commits.jackrabbit.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/ra295f919586b19def7cc7713d9d78595507d5f703362fccb779eeeb9%40%3Coak-commits.jackrabbit.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/ra6b3e78f5ed545c1d859d664f66c6d3fc5d731d9b1d842349654e4f0%40%3Ccommits.jackrabbit.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rb3023cfd45441b570c1abaa347d0cac78df97b5d3f27d674d01b3d2a%40%3Ccommits.jackrabbit.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rba884dbe733781cbaaffa28b77bc37a6a9f948b3a72a1bdad5e1587c%40%3Ccommits.jackrabbit.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rbef4701b5ce4d827182e70ad7b4d987a9157682ba3643e05a9ef5a7b%40%3Ccommits.jackrabbit.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rc35a57ecdeae342d46f729d6bc9750ba860c101f450cc171798dba28%40%3Coak-commits.jackrabbit.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rccc0ed467faa35734ea16b8f5de5603e708936c41a4eddd90fddeaf0%40%3Cannounce.jackrabbit.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rccc0ed467faa35734ea16b8f5de5603e708936c41a4eddd90fddeaf0%40%3Cusers.jackrabbit.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Release Notes","Vendor Advisory"]}]}}]}