exploitDog

CVE-2022-25319

Опубликовано: 18 фев. 2022

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.

Ссылки

https://github.com/cerebrate-project/cerebrate/commit/a2632349175e574cd6305fa459cd7610ea09ab61
Patch
Third Party Advisory
https://zigrin.com/advisories/cerebrate-endpoints-could-be-open-when-not-enabled/
Third Party Advisory
https://zigrin.com/cakephp-application-cybersecurity-research-forgotten-endpoint-authentication-bypass-with-open-prefix/
Exploit
Third Party Advisory
https://github.com/cerebrate-project/cerebrate/commit/a2632349175e574cd6305fa459cd7610ea09ab61
Patch
Third Party Advisory
https://zigrin.com/advisories/cerebrate-endpoints-could-be-open-when-not-enabled/
Third Party Advisory
https://zigrin.com/cakephp-application-cybersecurity-research-forgotten-endpoint-authentication-bypass-with-open-prefix/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cerebrate-project:cerebrate:*:*:*:*:*:*:*:*

Версия до 1.4 (включая)

EPSS

Процентиль: 61%

0.0042

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-mr2c-ph77-2532

CVSS3: 5.3

github

почти 4 года назад

An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.

EPSS

Процентиль: 61%

0.0042

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo