CVE-2024-50550

EPSS 0.9%
Veröffentlicht 29.10.2024 10:15:04
Zuletzt bearbeitet 29.10.2024 14:34:04
Quelle audit@patchstack.com
CVE-Watchlists
Login
Unerledigt
Login

LiteSpeed Cache <= 6.5.1 - Unauthenticated Privilege Escalation

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through 6.5.1.

Mögliche Gegenmaßnahme

LiteSpeed Cache: Update to version 6.5.2, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt LiteSpeed Cache

Version * - 6.5.1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Litespeedtech ≫ Litespeed Cache SwPlatformwordpress Version < 6.5.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.9%	0.749

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
audit@patchstack.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://patchstack.com/database/vulnerability/litespeed-cache/wordpress-litespeed-cache-plugin-6-5-1-privilege-escalation-vulnerability?_s_id=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/91365d3b-8e93-4202-8d44-9d217aaae0a4

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-50550

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-50550

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-50550

EUVD