Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-23807

Опубликовано: 22 янв. 2022
Источник: debian
EPSS Низкий

Описание

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
phpmyadminfixed4:5.1.3+dfsg1-1package

Примечания

  • https://www.phpmyadmin.net/security/PMASA-2022-1/

  • https://github.com/phpmyadmin/phpmyadmin/commit/ca54f1db050859eb8555875c6aa5d7796fdf4b32

  • https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages)

  • 2FA support is not packaged in Debian

EPSS

Процентиль: 21%
0.00065
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-23807

CVSS3: 4.3
ubuntu
больше 3 лет назад

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.

nvd логотип

CVE-2022-23807

CVSS3: 4.3
nvd
больше 3 лет назад

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.

github логотип

GHSA-8wf2-3ggj-78q9

CVSS3: 4.3
github
больше 3 лет назад

Improper Authentication in phpmyadmin

suse-cvrf логотип

openSUSE-SU-2023:0154-1

suse-cvrf
около 2 лет назад

Security update for phpMyAdmin

suse-cvrf логотип

openSUSE-SU-2023:0047-1

suse-cvrf
больше 2 лет назад

Security update for phpMyAdmin

EPSS

Процентиль: 21%
0.00065
Низкий