{"id":"CVE-2019-12105","details":"In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The maintainer indicated the ability to run an open server will not be removed but an additional warning was added to the documentation","aliases":["PYSEC-2019-126"],"modified":"2026-03-14T01:39:06.879787Z","published":"2019-09-10T17:15:11.517Z","related":["openSUSE-SU-2024:11414-1"],"references":[{"type":"WEB","url":"http://supervisord.org/configuration.html#inet-http-server-section-settings"},{"type":"ADVISORY","url":"https://github.com/Supervisor/supervisor/issues/1245"},{"type":"FIX","url":"https://github.com/Supervisor/supervisor/commit/4e334d9cf2a1daff685893e35e72398437df3dcb"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/supervisor/supervisor","events":[{"introduced":"0"},{"last_affected":"977a84aad48f0ec2f149d7aef38218c564cb835c"},{"fixed":"4e334d9cf2a1daff685893e35e72398437df3dcb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0.2"}]}}],"versions":["3.0","3.0a10","3.0a11","3.0a12","3.0b1","3.0b2","4.0.0","4.0.1","4.0.2","4.0.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12105.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}]}