CVE-2024-9302

EPSS 0.59%
Veröffentlicht 25.10.2024 07:15:05
Zuletzt bearbeitet 05.11.2024 17:39:17
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. This is due to the verify_otp_forgot_password() and update_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator.

Mögliche Gegenmaßnahme

App Builder – Create Native Android & iOS Apps On The Flight: Update to version 5.3.8, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Appcheap ≫ App Builder SwPlatformwordpress Version <= 5.3.7

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt App Builder – Create Native Android & iOS Apps On The Flight

Version *-5.3.7

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.59%	0.433

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@wordfence.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

https://plugins.trac.wordpress.org/browser/app-builder/tags/5.3.1/includes/Di/Service/Auth/ForgotPassword.php#L196

Product

https://plugins.trac.wordpress.org/browser/app-builder/tags/5.3.1/includes/Di/Service/Auth/ForgotPassword.php#L247

Product

https://plugins.trac.wordpress.org/changeset/3161215/

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/0eb9d676-4fa0-4bdc-af44-5d7e1dd8c6e6?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/0eb9d676-4fa0-4bdc-af44-5d7e1dd8c6e6

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-9302

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-9302

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-9302

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-9302