CVE-2021-43834

EPSS 0.32%
Veröffentlicht 16.12.2021 00:15:07
Zuletzt bearbeitet 21.11.2024 06:29:53
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the (default) local password mechanism. Users should upgrade to at least version 4.2.0.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Elabftw ≫ Elabftw Version < 4.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.546

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
security-advisories@github.com	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/elabftw/elabftw/releases/tag/4.2.0

Third Party Advisory

Release Notes

https://github.com/elabftw/elabftw/security/advisories/GHSA-98rp-gx76-33ph

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-43834

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-43834

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-43834

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-43834