GHSA-6x98-fx9j-7c78

Опубликовано: 19 янв. 2021

Источник: github

Github: Прошло ревью

CVSS3: 8.1

Описание

Disabled users able to log in with third party SSO plugin

Impact

Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address

Patches

Upgrade to 2.12.0 or later.

Workarounds

None.

For more information

If you have any questions or comments about this advisory:

Email us at security@mautic.org

Ссылки

Пакеты

Наименование

mautic/core

composer

Затронутые версииВерсия исправления

>= 2.0.0, < 2.12.0

2.12.0

EPSS

Процентиль: 50%

0.00271

Низкий

8.1 High

CVSS3

CVE ID

CVE-2017-1000489

Дефекты

CWE-287

Связанные уязвимости

CVE-2017-1000489

CVSS3: 8.1

nvd

около 8 лет назад

Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address

EPSS

Процентиль: 50%

0.00271

Низкий

8.1 High

CVSS3

CVE ID

CVE-2017-1000489

Дефекты

CWE-287