Lucene search
HistoryDec 30, 2023 - 5:15 p.m.
CVE-2023-50110
testlink
1.9.20
type juggling
authentication bypass
cve-2023-50110
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.0005 Low
EPSS
Percentile
17.6%
TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used.
Affected configurations
Node
testlinktestlinkRange≤1.9.20
| CPE | Name | Operator | Version |
|---|---|---|---|
| testlink:testlink | testlink | le | 1.9.20 |
Related
prion
prion
Authentication flaw
2023-12-30 17:15:00
cvelist
cvelist
CVE-2023-50110
2023-12-30 00:00:00
osv
osv
CVE-2023-50110
2023-12-30 17:15:07
nvd
nvd
CVE-2023-50110
2023-12-30 17:15:07
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.0005 Low
EPSS
Percentile
17.6%
Related for CVE-2023-50110