Описание
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the REMOTE_ADDR property in request.META is set to 127.0.0.1, to 127.0.1.1, or to ::1. Any user with local access to the server may bypass authentication.
Ссылки
- ProductRelease Notes
- Vendor Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:thermofisher:torrent_suite_software:5.18.1:*:*:*:*:*:*:*
EPSS
Процентиль: 6%
0.00024
Низкий
7.8 High
CVSS3
Дефекты
CWE-290
Связанные уязвимости
CVSS3: 7.8
github
2 месяца назад
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the REMOTE_ADDR property in request.META is set to 127.0.0.1, to 127.0.1.1, or to ::1. Any user with local access to the server may bypass authentication.
EPSS
Процентиль: 6%
0.00024
Низкий
7.8 High
CVSS3
Дефекты
CWE-290