Description
eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the (default) local password mechanism. Users should upgrade to at least version 4.2.0.
References
- Release Notes, Third Party Advisory
- Third Party Advisory
- Release Notes, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 4.2.0 (excluding)
cpe:2.3:a:elabftw:elabftw:*:*:*:*:*:*:*:*
EPSS
Percentile: 55%
0.00322
Low
CVSS3: 9.1 Critical
CVSS3: 9.8 Critical
CVSS2: 6.5 Medium
Weaknesses
CWE-287