Lucene search
UbuntuUSN-6761-1HistoryApr 30, 2024 - 12:00 a.m.
Anope vulnerability
2024-04-3000:00:00
ubuntu.com
10
anope
ubuntu
vulnerability
credentials
suspended accounts
unauthorized login
password change
platform
irc services
open source
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
7.3
Confidence
Low
EPSS
0
Percentile
9.0%
Releases
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- anope - an open source set of IRC Services
Details
It was discovered that Anope did not properly process credentials for
suspended accounts. An attacker could possibly use this issue to normally
login to the platform as a suspended user after changing their password.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 24.04 | noarch | anope | < 2.0.12-1ubuntu1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | anope-dbgsym | < 2.0.12-1ubuntu1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | anope | < 2.0.12-1ubuntu0.23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | anope-dbgsym | < 2.0.12-1ubuntu0.23.10.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | anope | < 2.0.9-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | anope-dbgsym | < 2.0.9-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | anope | < 2.0.6-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | anope-dbgsym | < 2.0.6-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | anope | < 2.0.4-2ubuntu0.1~esm1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | anope | < 2.0.4-2 | UNKNOWN |
References
Related
osv
osv
anope vulnerability
2024-04-30 07:33:26
CVE-2024-30187
2024-03-25 08:15:36
veracode
veracode
Improper Access Control
2024-03-27 01:20:20
vulnrichment
vulnrichment
CVE-2024-30187
2024-03-25 00:00:00
cvelist
cvelist
CVE-2024-30187
2024-03-25 00:00:00
ubuntucve
ubuntucve
CVE-2024-30187
2024-03-25 00:00:00
cve
cve
CVE-2024-30187
2024-03-25 08:15:36
debiancve
debiancve
CVE-2024-30187
2024-03-25 08:15:36
nessus
nessus
openvas
openvas
Ubuntu: Security Advisory (USN-6761-1)
2024-05-01 00:00:00
nvd
nvd
CVE-2024-30187
2024-03-25 08:15:36
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
7.3
Confidence
Low
EPSS
0
Percentile
9.0%
Related for USN-6761-1