GHSA-px3f-fc5j-2fqv

Опубликовано: 10 июл. 2024

Источник: github

Github: Не прошло ревью

CVSS4: 9.3

CVSS3: 9.8

Описание

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.

Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition.

Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.

Ссылки

EPSS

Процентиль: 100%

0.91029

Критический

9.3 Critical

CVSS4

9.8 Critical

CVSS3

CVE ID

CVE-2024-5910

Дефекты

CWE-306

Связанные уязвимости

CVE-2024-5910

CVSS3: 9.8

nvd

больше 1 года назад

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.

BDU:2024-06369

CVSS3: 9.8

fstec

больше 1 года назад

Уязвимость инструмента миграции конфигурации Palo Alto Networks Expedition, связанная с отсутствием аутентификации для критичной функции, позволяющая нарушителю получить учетную запись администратора

EPSS

Процентиль: 100%

0.91029

Критический

9.3 Critical

CVSS4

9.8 Critical

CVSS3

CVE ID

CVE-2024-5910

Дефекты

CWE-306