7.2

CVE-2023-35154

EPSS 0.24%
Veröffentlicht 23.06.2023 21:15:09
Zuletzt bearbeitet 21.11.2024 08:08:02
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eng ≫ Knowage Version >= 6.1.0 < 8.1.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.462

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
security-advisories@github.com	7.2	3.9	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-48hp-jvv8-cf62

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-35154

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-35154

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-35154

EUVD