exploitDog

GHSA-hqhf-c9cf-w4qm

Published: 10 Oct 2024
Source: github
Github: Not reviewed
CVSS3: 5.9

Description

The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid.

EPSS

Percentile: 56%
0.00335
Low

5.9 Medium

CVSS3

Weaknesses

CWE-799

Related vulnerabilities

CVSS3: 5.9
nvd
more than 1 year ago

The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid.
