Description
SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).
References
- Technical Description
- Vendor Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 1.45 (inclusive) to 1.47 (exclusive)
cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:*
EPSS
Percentile: 67%
0.00539
Low
9.8 Critical
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-798
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).