7.2

CVE-2021-41126

EPSS 1.06%
Veröffentlicht 06.10.2021 18:15:11
Zuletzt bearbeitet 21.11.2024 06:25:31
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Deleted Admin Can Sign In to Admin Interface

October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the october/october package. There are no workarounds for this issue and all users should update.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Octobercms ≫ October Version >= 2.0.0 < 2.1.12

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.06%	0.6

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
security-advisories@github.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/octobercms/october/security/advisories/GHSA-6gjf-7w99-j7x7

Third Party Advisory

https://octobercms.com/changelog

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-41126

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-41126

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-41126

EUVD