Количество 2
Количество 2
CVE-2024-41800
Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3.
GHSA-wmx7-pw49-88jx
Craft CMS Allows TOTP Token To Stay Valid After Use
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-41800 Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3. | CVSS3: 4.8 | 0% Низкий | больше 1 года назад |
| GHSA-wmx7-pw49-88jx Craft CMS Allows TOTP Token To Stay Valid After Use | CVSS3: 4.8 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу