exploitDog

CVE-2021-45890

Опубликовано: 27 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.

Ссылки

https://github.com/AuthGuard/AuthGuard/commit/9783b1143da6576028de23e15a1f198b1f937b82
Patch
Third Party Advisory
https://github.com/AuthGuard/AuthGuard/compare/v0.8.0...v0.9.0
Release Notes
Third Party Advisory
https://github.com/AuthGuard/AuthGuard/issues/166
Issue Tracking
Third Party Advisory
https://github.com/AuthGuard/AuthGuard/pull/181
Patch
Third Party Advisory
https://github.com/AuthGuard/AuthGuard/commit/9783b1143da6576028de23e15a1f198b1f937b82
Patch
Third Party Advisory
https://github.com/AuthGuard/AuthGuard/compare/v0.8.0...v0.9.0
Release Notes
Third Party Advisory
https://github.com/AuthGuard/AuthGuard/issues/166
Issue Tracking
Third Party Advisory
https://github.com/AuthGuard/AuthGuard/pull/181
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:authguard_project:authguard:*:*:*:*:*:*:*:*

Версия до 0.9.0 (исключая)

EPSS

Процентиль: 68%

0.0057

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-fmc3-vh2f-557h

github

около 4 лет назад

basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.

EPSS

Процентиль: 68%

0.0057

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287