exploitDog

GHSA-3x3j-pmx9-j3r7

Опубликовано: 24 фев. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6

Описание

WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user's password. No exploitation occurred.

WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user's password. No exploitation occurred.

Ссылки

EPSS

Процентиль: 24%

0.00079

Низкий

6 Medium

CVSS3

CVE ID

Дефекты

CWE-305

Связанные уязвимости

CVE-2025-23017

CVSS3: 6

nvd

12 месяцев назад

WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user's password. No exploitation occurred.

EPSS

Процентиль: 24%

0.00079

Низкий

6 Medium

CVSS3

CVE ID

Дефекты

CWE-305