Lucene search

GoogleOSV:CVE-2023-50256

HistoryJan 03, 2024 - 11:15 p.m.

CVE-2023-50256

2024-01-0323:15:08

Google

osv.dev

froxlor

server administration software

cve-2023-50256

fix

mandatory field bypass

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

20.6%

JSON

Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.

References

github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac

github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4

user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

20.6%

JSON

Related for OSV:CVE-2023-50256