Description

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. This exposure facilitates reconnaissance for further attacks. Version 2.19.0 patches the issue.

Related CPE's

Could not find any relations

References

https://github.com/SignalK/signalk-server/releases/tag/v2.19.0

https://github.com/SignalK/signalk-server/security/advisories/GHSA-fpf5-w967-rr2m

Weaknesses

[email protected]

Primary
CWE-200

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2026-01-01T19:15:53.630

2 hours ago

Last modified

2026-01-01T19:15:53.630

2 hours ago