CVE-2019-10908

In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation attacks.

packagechannelchannel versionpkg versionstatus
airsonic
nixos-19.03
2019-07-20 14:00:35 UTC (e199c1)10.2.1vulnerable
2019-07-20 02:00:25 UTC (3e5cf4)10.2.1vulnerable
2019-07-18 06:55:19 UTC (77295b)10.2.1vulnerable
2019-07-18 01:05:28 UTC (594dfa)10.2.1vulnerable
2019-07-17 07:05:34 UTC (973a27)10.2.1vulnerable
2019-07-17 00:25:26 UTC (a5b5fb)10.2.1vulnerable
2019-07-16 15:05:35 UTC (58b687)10.2.1vulnerable
2019-07-16 04:20:37 UTC (e2ad04)10.2.1vulnerable
2019-07-16 01:20:20 UTC (3cd79e)10.2.1vulnerable
2019-07-15 00:10:40 UTC (f4fcda)10.2.1vulnerable
2019-07-14 18:15:28 UTC (a6598a)10.2.1vulnerable
2019-07-14 00:25:11 UTC (e726e8)10.2.1vulnerable
2019-07-13 19:15:40 UTC (88cb46)10.2.1vulnerable
2019-07-12 19:15:20 UTC (5f707e)10.2.1vulnerable
2019-07-12 08:35:17 UTC (88f069)10.2.1vulnerable
2019-07-12 03:10:14 UTC (f0fdbd)10.2.1vulnerable
2019-07-11 06:20:47 UTC (ecc64b)10.2.1vulnerable
2019-07-10 21:30:25 UTC (021f94)10.2.1vulnerable
2019-07-10 10:05:18 UTC (28e64d)10.2.1vulnerable
2019-07-08 03:35:15 UTC (9ec762)10.2.1vulnerable
2019-07-07 22:40:14 UTC (af5178)10.2.1vulnerable
2019-07-07 21:05:33 UTC (10a866)10.2.1vulnerable
2019-07-07 06:45:28 UTC (799a08)10.2.1vulnerable
2019-07-05 23:05:16 UTC (754763)10.2.1vulnerable
2019-07-05 01:10:17 UTC (aef662)10.2.1vulnerable
2019-07-04 18:40:34 UTC (b6aaee)10.2.1vulnerable
2019-07-04 00:55:38 UTC (8edf24)10.2.1vulnerable
2019-07-03 05:50:31 UTC (7152cb)10.2.1vulnerable
2019-07-02 23:30:38 UTC (e6fe2d)10.2.1vulnerable
2019-07-02 18:10:46 UTC (859bc7)10.2.1vulnerable
2019-07-02 04:25:39 UTC (e0c771)10.2.1vulnerable
2019-07-01 21:40:39 UTC (fe797e)10.2.1vulnerable
2019-07-01 12:15:28 UTC (85f820)10.2.1vulnerable
2019-07-01 11:25:25 UTC (bf62b5)10.2.1vulnerable
2019-06-29 04:00:24 UTC (2516c4)10.2.1vulnerable
2019-06-28 17:15:41 UTC (2e38c0)10.2.1vulnerable
2019-06-27 19:15:22 UTC (75a88c)10.2.1vulnerable
2019-06-27 00:15:26 UTC (1c6bdb)10.2.1vulnerable
2019-06-24 07:30:11 UTC (8634c3)10.2.1vulnerable
2019-06-23 05:35:31 UTC (3ddd23)10.2.1vulnerable
2019-06-22 01:50:21 UTC (303729)10.2.1vulnerable
2019-06-20 00:15:40 UTC (30a82b)10.2.1vulnerable
2019-06-19 10:10:15 UTC (d77e3b)10.2.1vulnerable
2019-06-18 21:10:26 UTC (f01ed7)10.2.1vulnerable
2019-06-18 17:00:39 UTC (07103a)10.2.1vulnerable
2019-06-15 04:35:37 UTC (1601f5)10.2.1vulnerable
2019-06-13 10:00:23 UTC (49dc80)10.2.1vulnerable
2019-06-11 06:05:32 UTC (4649b6)10.2.1vulnerable
2019-06-10 12:20:38 UTC (4fb3b8)10.2.1vulnerable
2019-06-09 04:35:21 UTC (5121b4)10.2.1vulnerable
2019-06-08 13:00:46 UTC (caacbe)10.2.1vulnerable
2019-06-08 06:05:33 UTC (6c3826)10.2.1vulnerable
2019-06-08 05:05:43 UTC (0563e6)10.2.1vulnerable
2019-06-07 02:10:24 UTC (00322c)10.2.1vulnerable
2019-06-07 01:40:43 UTC (f2c181)10.2.1vulnerable
2019-06-06 01:50:34 UTC (b2ec3b)10.2.1vulnerable
2019-06-05 11:25:48 UTC (1a2747)10.2.1vulnerable
2019-06-04 12:45:29 UTC (06602f)10.2.1vulnerable
2019-06-02 23:00:38 UTC (606306)10.2.1vulnerable
2019-06-01 20:45:40 UTC (a0b7a7)10.2.1vulnerable
2019-05-31 16:30:17 UTC (55df3f)10.2.1vulnerable
2019-05-30 17:55:26 UTC (50d5d7)10.2.1vulnerable
2019-05-30 00:45:38 UTC (89e617)10.2.1vulnerable
2019-05-29 23:10:32 UTC (e8cc06)10.2.1vulnerable
2019-05-29 05:00:37 UTC (365167)10.2.1vulnerable
2019-05-28 16:15:25 UTC (0728c3)10.2.1vulnerable
2019-05-28 08:10:25 UTC (f197f5)10.2.1vulnerable
2019-05-28 03:05:33 UTC (e2883c)10.2.1vulnerable
2019-05-27 19:25:30 UTC (c8124c)10.2.1vulnerable
2019-05-27 07:50:16 UTC (376981)10.2.1vulnerable
2019-05-26 11:55:37 UTC (f4c348)10.2.1vulnerable
2019-05-26 02:40:34 UTC (41c8f2)10.2.1vulnerable
2019-05-25 05:00:16 UTC (f70e66)10.2.1vulnerable
2019-05-24 22:05:17 UTC (3efdf4)10.2.1vulnerable
2019-05-24 17:35:31 UTC (c574f7)10.2.1vulnerable
2019-05-24 07:00:27 UTC (0ab85f)10.2.1vulnerable
2019-05-23 23:50:40 UTC (a59b66)10.2.1vulnerable
2019-05-23 16:30:37 UTC (e4ee5b)10.2.1vulnerable
2019-05-20 19:26:33 UTC (cdec62)10.2.1vulnerable
2019-05-19 05:45:38 UTC (705986)10.2.1vulnerable
2019-05-18 19:20:38 UTC (cff736)10.2.1vulnerable
2019-05-18 14:40:37 UTC (51cc0e)10.2.1vulnerable
2019-05-18 12:10:29 UTC (c86f09)10.2.1vulnerable
2019-05-16 07:25:27 UTC (c21f08)10.2.1vulnerable
2019-05-15 23:05:36 UTC (f5493b)10.2.1vulnerable
2019-05-14 10:50:48 UTC (7cd2e4)10.2.1vulnerable
2019-05-14 04:40:47 UTC (af657b)10.2.1vulnerable
2019-05-12 22:55:17 UTC (727e5b)10.2.1vulnerable
2019-05-12 18:15:28 UTC (c2570e)10.2.1vulnerable
2019-05-12 06:15:30 UTC (312a05)10.2.1vulnerable
2019-05-10 05:55:42 UTC (7bb74e)10.2.1vulnerable
2019-05-09 23:45:28 UTC (2ec36d)10.2.1vulnerable
2019-05-09 11:30:25 UTC (096e2f)10.2.1vulnerable
2019-05-08 07:05:44 UTC (aade6d)10.2.1vulnerable
2019-05-08 03:25:43 UTC (a04ef7)10.2.1vulnerable
2019-05-07 18:25:28 UTC (3e7300)10.2.1vulnerable
2019-05-07 12:25:52 UTC (2dcbd4)10.2.1vulnerable
2019-05-07 03:45:44 UTC (2df17e)10.2.1vulnerable
2019-05-06 22:45:43 UTC (8c6c85)10.2.1vulnerable
2019-05-06 19:05:39 UTC (6ec097)10.2.1vulnerable
2019-05-05 20:50:42 UTC (a177da)10.2.1vulnerable
2019-05-05 11:55:39 UTC (6e29f2)10.2.1vulnerable
2019-05-05 08:25:33 UTC (04954e)10.2.1vulnerable
2019-05-02 22:00:31 UTC (915ce0)10.2.1vulnerable
2019-05-02 14:05:46 UTC (2e6afa)10.2.1vulnerable
2019-05-02 10:40:42 UTC (b2b5c1)10.2.1vulnerable
2019-05-01 17:25:26 UTC (d740b2)10.2.1vulnerable
2019-04-30 23:15:17 UTC (6d7ed9)10.2.1vulnerable
2019-04-25 16:05:41 UTC (cf3e27)10.2.1vulnerable
2019-04-24 14:30:20 UTC (2f1eac)10.2.1vulnerable
2019-04-24 10:40:27 UTC (893541)10.2.1vulnerable
2019-04-23 19:20:27 UTC (793640)10.2.1vulnerable
2019-04-22 06:20:19 UTC (330b9f)10.2.1vulnerable
2019-04-21 17:40:24 UTC (454eea)10.2.1vulnerable
2019-04-21 16:40:14 UTC (83e778)10.2.1vulnerable
2019-04-21 10:05:20 UTC (73c885)10.2.1vulnerable
2019-04-20 19:45:16 UTC (b807bc)10.2.1vulnerable
2019-04-19 19:40:31 UTC (8ea36d)10.2.1vulnerable
2019-04-17 11:30:25 UTC (7b3696)10.2.1vulnerable
2019-04-16 15:30:40 UTC (ea4979)10.2.1vulnerable
2019-04-10 15:10:50 UTC (5c52b2)10.2.1vulnerable
2019-04-10 14:15:29 UTC (63f250)10.2.1vulnerable
2019-04-10 10:35:28 UTC (f52505)10.2.1vulnerable
2019-04-10 08:25:33 UTC (0363ab)10.2.1vulnerable
2019-04-08 01:00:36 UTC (67bc63)10.2.1vulnerable
2019-04-05 01:55:19 UTC (91fa69)10.2.1vulnerable
2019-04-04 23:20:18 UTC (e18a58)10.2.1vulnerable
nixos-unstable
2019-07-18 10:45:22 UTC (362be9)10.2.1vulnerable
2019-07-12 05:15:25 UTC (1036dc)10.2.1vulnerable
2019-07-08 01:05:26 UTC (beff2f)10.2.1vulnerable
2019-07-07 13:50:29 UTC (aa2a7e)10.2.1vulnerable
2019-07-07 11:30:30 UTC (88c258)10.2.1vulnerable
2019-07-02 04:45:32 UTC (73392e)10.2.1vulnerable
2019-07-01 13:50:17 UTC (460136)10.2.1vulnerable
2019-06-25 12:05:29 UTC (20b993)10.2.1vulnerable
2019-06-19 12:45:37 UTC (83ba5a)10.2.1vulnerable
2019-06-19 08:20:15 UTC (b5cf5f)10.2.1vulnerable
2019-06-16 20:35:25 UTC (a1dd41)10.2.1vulnerable
2019-06-14 02:45:19 UTC (7815c8)10.2.1vulnerable
2019-06-13 23:05:47 UTC (3674ff)10.2.1vulnerable
2019-06-11 00:35:31 UTC (98e3b9)10.2.1vulnerable
2019-06-08 06:35:25 UTC (168d10)10.2.1vulnerable
2019-06-07 02:55:44 UTC (1dc26c)10.2.1vulnerable
2019-06-03 12:15:10 UTC (ae71c1)10.2.1vulnerable
2019-06-01 18:50:28 UTC (4ab1c1)10.2.1vulnerable
2019-06-01 12:40:16 UTC (b3dd39)10.2.1vulnerable
2019-05-31 12:05:20 UTC (0c6fb7)10.2.1vulnerable
2019-05-30 21:30:30 UTC (aa440d)10.2.1vulnerable
2019-05-28 18:15:30 UTC (eccb90)10.2.1vulnerable
2019-05-26 15:10:32 UTC (c7bcd4)10.2.1vulnerable
2019-05-26 04:55:36 UTC (28b4f7)10.2.1vulnerable
2019-05-23 10:20:38 UTC (4dd5c9)10.2.1vulnerable
2019-05-20 19:26:34 UTC (971b73)10.2.1vulnerable
2019-05-18 12:45:40 UTC (82435a)10.2.1vulnerable
2019-05-16 05:00:32 UTC (bc9df0)10.2.1vulnerable
2019-05-10 19:10:48 UTC (bc94dc)10.2.1vulnerable
2019-05-09 19:50:27 UTC (8e1852)10.2.1vulnerable
2019-05-08 02:50:28 UTC (7defc4)10.2.1vulnerable
2019-05-07 11:35:25 UTC (2ec5e9)10.2.1vulnerable
2019-05-06 20:05:48 UTC (24debf)10.2.1vulnerable
2019-05-06 09:35:46 UTC (d457e3)10.2.1vulnerable
2019-05-03 17:40:38 UTC (190727)10.2.1vulnerable
2019-04-30 23:35:46 UTC (aeb464)10.2.1vulnerable
2019-04-25 16:30:32 UTC (dfd8f8)10.2.1vulnerable
2019-04-24 12:55:41 UTC (0620e0)10.2.1vulnerable
2019-04-21 22:55:37 UTC (d26027)10.2.1vulnerable
2019-04-16 15:55:38 UTC (1fc591)10.2.1vulnerable
2019-04-07 21:55:33 UTC (acbdaa)10.2.1vulnerable
2019-04-05 11:20:44 UTC (d956f2)10.2.1vulnerable