Описание
EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and privileges.
EPSS
Процентиль: 21%
0.00067
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 9.8
github
4 дня назад
EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and privileges.
EPSS
Процентиль: 21%
0.00067
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-639