exploitDog

GHSA-4x6w-65jr-r5pv

Опубликовано: 11 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 7.6

Описание

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the users password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period.

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the users password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period.

Ссылки

EPSS

Процентиль: 5%

0.00021

Низкий

7.6 High

CVSS4

CVE ID

Дефекты

CWE-1390

Связанные уязвимости

CVE-2025-11084

nvd

3 месяца назад

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the users password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period.

EPSS

Процентиль: 5%

0.00021

Низкий

7.6 High

CVSS4

CVE ID

Дефекты

CWE-1390