Описание
An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly accessible.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.47 (включая)
cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 0%
0.00004
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 9.1
github
около 6 лет назад
Missing Authentication for Critical Function in LibreNMS
EPSS
Процентиль: 0%
0.00004
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-306