Japan Vulnerability NotesJVN:88176589JVN#88176589: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to authentication bypass
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
49.8%
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool “AppGoat” for Web Application contains an authentication bypass vulnerability.
Impact
A remote unauthenticated attacker may perform an arbitrary operation.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Products Affected
- Hands-on Vulnerability Learning Tool “AppGoat” for Web Application V3.0.0 and earlier
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
49.8%