Thelia authentication bypass vulnerability

2024-05-3013:26:47

CWE-287

GitHub Advisory Database

github.com

thelia

authentication

bypass

vulnerability

customer

admin

version 2.1.0-beta1

2.1.3

2.2.0-alpha1

software

AI Score

7.4

Confidence

Low

JSON

An authentication bypass was identifed in thelia/thelia project for customer and admin. This vulnerability is present from version 2.1.0-beta1 and is fixed in 2.1.3 and 2.2.0-alpha1.

Affected configurations

Vulners

Node

theliatheliaRange2.1.0-beta1–2.1.3

VendorProductVersionCPE
theliathelia*cpe:2.3:a:thelia:thelia:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
thelia	thelia	*	cpe:2.3:a:thelia:thelia::::::::

References

github.com/advisories/GHSA-g8pg-33v4-9r96

github.com/FriendsOfPHP/security-advisories/blob/master/thelia/thelia/2015-04-13-1.yaml

github.com/thelia/thelia/commit/028cfcf507cd8685772e156ec0c860034d407094

web.archive.org/web/20160502224630/thelia.net/version-2-1-3-with-security-fix

AI Score

7.4

Confidence

Low

JSON