exploitDog

CVE-2024-5658

Опубликовано: 06 июн. 2024

Источник: nvd

CVSS3: 4.8

CVSS3: 6.5

EPSS Низкий

Описание

The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.

Ссылки

http://www.openwall.com/lists/oss-security/2024/06/06/2
Exploit
Mailing List
Third Party Advisory
https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4
Release Notes
https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use
Exploit
Third Party Advisory
https://plugins.craftcms.com/two-factor-authentication?craft4
Product
http://www.openwall.com/lists/oss-security/2024/06/06/2
Exploit
Mailing List
Third Party Advisory
https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4
Release Notes
https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use
Exploit
Third Party Advisory
https://plugins.craftcms.com/two-factor-authentication?craft4
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:born05:two-factor_authentication:*:*:*:*:*:craftcms:*:*

Версия до 3.3.4 (исключая)

EPSS

Процентиль: 36%

0.00153

Низкий

4.8 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-303

CWE-287

Связанные уязвимости

GHSA-96qm-hwhp-2rm8

CVSS3: 4.8

github

больше 1 года назад

Improper Authentication in CraftCMS two factor authentication plugin

EPSS

Процентиль: 36%

0.00153

Низкий

4.8 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-303

CWE-287