Описание
This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system.
Ссылки
- Third Party Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
EPSS
9.4 Critical
CVSS3
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system.
EPSS
9.4 Critical
CVSS3
9.8 Critical
CVSS3