Описание
Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| glewlwyd | fixed | 2.6.1-1 | package | |
| glewlwyd | fixed | 2.5.2-2+deb11u2 | bullseye | package |
| glewlwyd | not-affected | buster | package |
Примечания
https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1)
Связанные уязвимости
CVSS3: 8.8
ubuntu
около 4 лет назад
Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password.
CVSS3: 8.8
nvd
около 4 лет назад
Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password.
CVSS3: 8.8
github
около 4 лет назад
Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password.