Lucene search

[email protected]CVE-2024-0879

HistoryJan 25, 2024 - 3:15 p.m.

CVE-2024-0879

2024-01-2515:15:07

CWE-287

[email protected]

web.nvd.nist.gov

cve-2024-0879

vector-admin

authentication bypass

domain restriction

security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address.

Affected configurations

NVD

Node

mintplexlabsvector_adminRange<2024-01-23

CPENameOperatorVersion
mintplexlabs:vector_adminmintplexlabs vector adminlt2024-01-23

CPE	Name	Operator	Version
mintplexlabs:vector_admin	mintplexlabs vector admin	lt	2024-01-23

CNA Affected

[
  {
    "collectionURL": "https://github.com",
    "defaultStatus": "unaffected",
    "packageName": "Mintplex-Labs/vector-admin",
    "product": "vector-admin",
    "vendor": "Mintplex-Labs",
    "versions": [
      {
        "lessThan": "a581b8177dd6be719a5ef6d3ce4b1e939636bb41",
        "status": "affected",
        "version": "0",
        "versionType": "git"
      }
    ]
  }
]

References

github.com/Mintplex-Labs/vector-admin/pull/128/commits/a581b8177dd6be719a5ef6d3ce4b1e939636bb41

research.jfrog.com/vulnerabilities/vector-admin-filter-bypass/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

Related for CVE-2024-0879

prion1 cvelist1 nvd1