CVE-2018-1000875

EPSS 0.39%
Veröffentlicht 20.12.2018 17:29:01
Zuletzt bearbeitet 08.07.2025 18:02:19
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be exploitable via Specially crafted URL. This vulnerability appears to have been fixed in 1.0.3.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Universityofcalifornia ≫ Boinc Server Version >= 1.0.0 < 1.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.594

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://github.com/BOINC/boinc/issues/2907

Third Party Advisory

Issue Tracking

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2018-1000875

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1000875

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1000875

EUVD