Lucene search

GitHub_MCVELIST:CVE-2021-43834

HistoryDec 15, 2021 - 11:20 p.m.

CVE-2021-43834 Incorrect Authentication in elabftw

2021-12-1523:20:15

CWE-287

GitHub_M

www.cve.org

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

JSON

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the (default) local password mechanism. Users should upgrade to at least version 4.2.0.

CNA Affected

[
  {
    "product": "elabftw",
    "vendor": "elabftw",
    "versions": [
      {
        "status": "affected",
        "version": "< 4.2.0"
      }
    ]
  }
]

References

github.com/elabftw/elabftw/releases/tag/4.2.0

github.com/elabftw/elabftw/security/advisories/GHSA-98rp-gx76-33ph

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

JSON

Related for CVELIST:CVE-2021-43834