EUVD-2023-27059

Malicious code in bioql PyPI...

CVE-2024-48942

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid...

CVE-2024-48941

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted...

CVE-2023-22958

The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter...

CVE-2024-48941

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted...

CVE-2024-48941

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted...

CVE-2024-48942

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid...

CVE-2024-48942

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid...

Syracom Secure Login 安全漏洞

Syracom Secure Login is a secure login plugin from Syracom. A security vulnerability exists in Syracom Secure Login that originates from a brute-force breaking of a secondary authentication PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint...

CVE-2024-48942

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid...

CVE-2024-48942

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid...

CVE-2024-48942

The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket (versions 3.1.4.5 and earlier) is affected. The vulnerability allows remote attackers to brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint, with the last 30 tokens and the next 30 token...

Syracom Secure Login 安全漏洞

Syracom Secure Login is a secure login plugin from Syracom. A security vulnerability exists in Syracom Secure Login that stems from a secondary authentication that can be bypassed by interacting with the /rest endpoint...

PT-2024-33288 · Atlassian +1 · Confluence +3

Name of the Vulnerable Software and Affected Versions: Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket versions 3.1.4.5 and earlier Description: The issue allows remote attackers to easily brute-force the 2FA PIN via the "plugins/servlet/twofactor/public/pinvalidation" endpoin...

CVE-2024-48941

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted...

CVE-2024-48941

The Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted...

CVE-2024-48941

The CVE-2024-48941 entry concerns the Syracom Secure Login 2FA plugin for Jira, Confluence, and Bitbucket (affected version family up to 3.1.4.5). The root issue is a 2FA bypass achieved by interacting with the /rest endpoint; in default configurations, /rest is allowlisted, enabling potential by...

CVE-2023-22958

The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter...

CVE-2023-22958

The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter...

Design/Logic Flaw

The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter...