7.5

CVE-2024-45408

EPSS 0.23%
Veröffentlicht 01.10.2024 15:15:08
Zuletzt bearbeitet 14.02.2025 16:47:37
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyone. Users are advised to upgrade to at least version 5.1.0.  System administrators can disable anonymous access in the System configuration panel.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Elabftw ≫ Elabftw Version >= 4.4.0 < 5.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.449

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/elabftw/elabftw/security/advisories/GHSA-2c83-6j74-w8r5

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45408

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45408

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45408

EUVD