CVE-2024-51478

Exploit

EPSS 0.37%
Veröffentlicht 31.10.2024 17:15:13
Zuletzt bearbeitet 09.05.2025 14:06:43
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Use of a Broken or Risky Cryptographic Algorithm in YesWiki

YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Yeswiki ≫ Yeswiki Version < 4.4.5

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.284

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
security-advisories@github.com	9.9	3.9	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://github.com/YesWiki/yeswiki/commit/b5a8f93b87720d5d5f033a4b3a131ce0fb621dbc

Patch

https://github.com/YesWiki/yeswiki/commit/e1285709f6f6a2277bd0075acf369f33cefd78f7

Patch

https://github.com/YesWiki/yeswiki/security/advisories/GHSA-4fvx-h823-38v3

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-51478

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-51478

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-51478

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-51478