Description
An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:scytl:secure_vote:2.1:*:*:*:*:*:*:*
EPSS: 0.00285 (Low)
Percentile: 52%
CVSS3: 6.5 Medium
CVSS2: 6.4 Medium
Weaknesses
CWE-290
Related vulnerabilities
github
more than 3 years ago
An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs.
EPSS: 0.00285 (Low)
Percentile: 52%
CVSS3: 6.5 Medium
CVSS2: 6.4 Medium
Weaknesses
CWE-290