Lucene search

PRIOn knowledge basePRION:CVE-2022-47002

HistoryFeb 01, 2023 - 2:15 p.m.

Authentication flaw

2023-02-0114:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

remember me function

bypass authentication

crafted web request

masa cms

9.3 High

AI Score

Confidence

High

0.106 Low

EPSS

Percentile

95.1%

JSON

A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request.

CPENameOperatorVersion
masacmslt7.2.5
masacmseq7.4.0 alpha2
masacmseq7.4.0 beta1
masacmseq7.4.0 beta2
masacmseq7.4.0 alpha1
masacmsge7.3
masacmslt7.3.10

Name	Operator	Version
masacms	lt	7.2.5
masacms	eq	7.4.0 alpha2
masacms	eq	7.4.0 beta1
masacms	eq	7.4.0 beta2
masacms	eq	7.4.0 alpha1
masacms	ge	7.3
masacms	lt	7.3.10

References

github.com/MasaCMS/MasaCMS/releases/tag/7.3.10

www.hoyahaxa.com/2023/01/preliminary-security-advisory.html

www.hoyahaxa.com/2023/03/authentication-bypass-mura-masa.html