exploitDog

GHSA-gqjr-gcpj-h4ww

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.

Ссылки

EPSS

Процентиль: 50%

0.0027

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-287

Связанные уязвимости

CVE-2016-3085

CVSS3: 6.5

nvd

больше 9 лет назад

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.

EPSS

Процентиль: 50%

0.0027

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-287