CVE-2023-45083

Опубликовано: 05 дек. 2023

Источник: nvd

CVSS3: 4.2

CVSS3: 4.4

EPSS Низкий

Описание

An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane.

An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding.

This issue affects HyperCloud versions 1.0 to any release before 2.1.

Ссылки

https://advisories.softiron.cloud
Release Notes
https://advisories.softiron.cloud
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:softiron:hypercloud:*:*:*:*:*:*:*:*

Версия от 1.0 (включая) до 2.1.0 (исключая)

EPSS

Процентиль: 6%

0.00024

Низкий

4.2 Medium

CVSS3

4.4 Medium

CVSS3

Дефекты

CWE-269

Связанные уязвимости

GHSA-37pw-72qc-wmmj

CVSS3: 4.2

github

около 2 лет назад

An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1.

EPSS

Процентиль: 6%

0.00024

Низкий

4.2 Medium

CVSS3

4.4 Medium

CVSS3

Дефекты

CWE-269