exploitDog

CVE-2020-26136

Опубликовано: 08 июн. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.

Ссылки

https://forum.silverstripe.org/c/releases
Release Notes
Vendor Advisory
https://www.silverstripe.org/blog/tag/release
Release Notes
Vendor Advisory
https://www.silverstripe.org/download/security-releases/
Vendor Advisory
https://www.silverstripe.org/download/security-releases/cve-2020-26136
Exploit
Vendor Advisory
https://forum.silverstripe.org/c/releases
Release Notes
Vendor Advisory
https://www.silverstripe.org/blog/tag/release
Release Notes
Vendor Advisory
https://www.silverstripe.org/download/security-releases/
Vendor Advisory
https://www.silverstripe.org/download/security-releases/cve-2020-26136
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*

Версия до 4.6.0 (исключая)

cpe:2.3:a:silverstripe:silverstripe:4.6.0:rc1:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00216

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-mg2g-8pwj-r2j2

CVSS3: 6.5

github

больше 4 лет назад

Authentication bypass in SilverStripe GraphQL

EPSS

Процентиль: 44%

0.00216

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-287