exploitDog

CVE-2024-2464

Опубликовано: 21 мар. 2024

Источник: nvd

CVSS3: 6.3

EPSS Низкий

Описание

This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1.

Ссылки

https://cdex.cloud/
Product
https://cert.pl/en/posts/2024/03/CVE-2024-2463/
Third Party Advisory
https://cert.pl/posts/2024/03/CVE-2024-2463/
Third Party Advisory
https://cdex.cloud/
Product
https://cert.pl/en/posts/2024/03/CVE-2024-2463/
Third Party Advisory
https://cert.pl/posts/2024/03/CVE-2024-2463/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cdex:cdex:*:*:*:*:*:*:*:*

Версия до 5.71 (включая)

EPSS

Процентиль: 42%

0.00197

Низкий

6.3 Medium

CVSS3

Дефекты

CWE-203

Связанные уязвимости

GHSA-8x54-9cjv-7vch

CVSS3: 6.3

github

почти 2 года назад

This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1.

EPSS

Процентиль: 42%

0.00197

Низкий

6.3 Medium

CVSS3

Дефекты

CWE-203