Lucene search
PRIOn knowledge basePRION:CVE-2023-49075HistoryNov 28, 2023 - 5:15 a.m.
Design/Logic Flaw
2023-11-2805:15:00
PRIOn knowledge base
www.prio-n.com
2
admin classic bundle
backend ui
pimcore
security flaw
two-factor authentication
authentication bypass
version 1.2.2
The Admin Classic Bundle provides a Backend UI for Pimcore. AdminBundle\Security\PimcoreUserTwoFactorCondition introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor credentials. This issue has been patched in version 1.2.2.
| CPE | Name | Operator | Version |
|---|---|---|---|
| admin_classic_bundle | lt | 1.2.2 |
References
github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628
github.com/pimcore/admin-ui-classic-bundle/pull/345
github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg
patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch
Related
osv
osv
Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
2023-11-27 23:23:02
CVE-2023-49075
2023-11-28 05:15:08
nvd
nvd
CVE-2023-49075
2023-11-28 05:15:08
cvelist
cvelist
veracode
veracode
Authentication Bypass
2023-11-29 09:13:13
cve
cve
CVE-2023-49075
2023-11-28 05:15:08
github
github