Lucene search

[email protected]NVD:CVE-2024-0879

HistoryJan 25, 2024 - 3:15 p.m.

CVE-2024-0879

2024-01-2515:15:07

CWE-287

[email protected]

web.nvd.nist.gov

cve-2024-0879

vector-admin

authentication bypass

unauthorized user registration

domain restriction

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

Percentile

14.0%

JSON

Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address.

Affected configurations

Nvd

Node

mintplexlabsvector_adminRange<2024-01-23

VendorProductVersionCPE
mintplexlabsvector_admin*cpe:2.3:a:mintplexlabs:vector_admin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mintplexlabs	vector_admin	*	cpe:2.3:a:mintplexlabs:vector_admin::::::::

References

github.com/Mintplex-Labs/vector-admin/pull/128/commits/a581b8177dd6be719a5ef6d3ce4b1e939636bb41

research.jfrog.com/vulnerabilities/vector-admin-filter-bypass/

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

Percentile

14.0%

JSON

Related for NVD:CVE-2024-0879

prion1 cvelist1 cve1