CVE-2021-45379

EPSS 0.3%
Veröffentlicht 30.12.2021 18:15:07
Zuletzt bearbeitet 21.11.2024 06:32:08
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Glewlwyd Project ≫ Glewlwyd Version >= 2.0.0 < 2.6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.528

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe

Patch

Third Party Advisory

https://github.com/babelouest/glewlwyd/releases/tag/v2.6.1

Third Party Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-45379

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-45379

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-45379

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-45379