CWE-302

Authentication Bypass by Assumed-Immutable Data

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

CVE-2023-47127 (GCVE-0-2023-47127)

Vulnerability from cvelistv5 – Published: 2023-11-14 19:26 – Updated: 2024-08-29 20:42
Title
Weak Authentication in Session Handling in typo3/cms-core
Summary
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE
  • CWE-302 - Authentication Bypass by Assumed-Immutable Data
Impacted products
Vendor: TYPO3
Product: typo3
  • Affected: >= 8.0.0, < 8.7.55
  • Affected: >= 9.0.0, < 9.5.44
  • Affected: >= 10.0.0, < 10.4.41
  • Affected: >= 11.0.0, < 11.5.33
  • Affected: >= 12.0.0, < 12.4.8

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:01:22.883Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm"
          },
          {
            "name": "https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019"
          },
          {
            "name": "https://typo3.org/security/advisory/typo3-core-sa-2023-006",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://typo3.org/security/advisory/typo3-core-sa-2023-006"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-47127",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-29T20:41:35.630256Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-29T20:42:22.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "typo3",
          "vendor": "TYPO3",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 8.0.0, \u003c 8.7.55"
            },
            {
              "status": "affected",
              "version": "\u003e= 9.0.0, \u003c 9.5.44"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.4.41"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0, \u003c 11.5.33"
            },
            {
              "status": "affected",
              "version": "\u003e= 12.0.0, \u003c 12.4.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-302",
              "description": "CWE-302: Authentication Bypass by Assumed-Immutable Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-16T17:11:29.026Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm"
        },
        {
          "name": "https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019"
        },
        {
          "name": "https://typo3.org/security/advisory/typo3-core-sa-2023-006",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://typo3.org/security/advisory/typo3-core-sa-2023-006"
        }
      ],
      "source": {
        "advisory": "GHSA-3vmm-7h4j-69rm",
        "discovery": "UNKNOWN"
      },
      "title": "Weak Authentication in Session Handling in typo3/cms-core"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-47127",
    "datePublished": "2023-11-14T19:26:07.849Z",
    "dateReserved": "2023-10-30T19:57:51.677Z",
    "dateUpdated": "2024-08-29T20:42:22.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12838 (GCVE-0-2024-12838)

Vulnerability from cvelistv5 – Published: 2024-12-31 01:24 – Updated: 2024-12-31 15:56
Title
Changing Information Technology CGFIDO - Authentication Bypass
Summary
The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators.
CWE
  • CWE-302 - Authentication Bypass by Assumed-Immutable Data
Impacted products
Vendor: Changing Information Technology
Product: CGFIDO
  • Affected: 0.0.1, < 1.1.0 (custom)
Date Public
2024-12-31 01:21

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12838",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-31T15:56:37.835975Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-31T15:56:46.585Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CGFIDO",
          "vendor": "Changing Information Technology",
          "versions": [
            {
              "lessThan": "1.1.0",
              "status": "affected",
              "version": "0.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-12-31T01:21:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators."
            }
          ],
          "value": "The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-302",
              "description": "CWE-302 Authentication Bypass by Assumed-Immutable Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-31T01:24:48.680Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-8332-2100f-1.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-8333-32cf8-2.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to version 1.2.0 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Update to version 1.2.0 or later."
        }
      ],
      "source": {
        "advisory": "TVN-202412008",
        "discovery": "EXTERNAL"
      },
      "title": "Changing Information Technology CGFIDO - Authentication Bypass",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2024-12838",
    "datePublished": "2024-12-31T01:24:48.680Z",
    "dateReserved": "2024-12-20T03:29:52.945Z",
    "dateUpdated": "2024-12-31T15:56:46.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-22179 (GCVE-0-2024-22179)

Vulnerability from cvelistv5 – Published: 2024-04-18 22:06 – Updated: 2024-08-01 22:35
Title
Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data
Summary
The application is vulnerable to an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. Also vulnerable to account takeover and arbitrary password change.
Impacted products
Vendor: Electrolink
  • Compact DAB Transmitter - Affected: 10W, 100W, 250W
  • Medium DAB Transmitter - Affected: 500W, 1kW, 2kW
  • High Power DAB Transmitter - Affected: 2.5kW, 3kW, 4kW, 5kW
  • Compact FM Transmitter - Affected: Compact FM Transmitter, 500W, 1kW, 2kW
  • Modular FM Transmitter - Affected: 3kW, 5kW, 10kW, 15kW, 20kW, 30kW
  • Digital FM Transmitter - Affected: 15W, ≤ 40kW (custom)
  • VHF TV Transmitter - Affected: BI, BIII
  • UHF TV Transmitter - Affected: 10W, ≤ 5kW (custom)
Credits
Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "compact dab transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "10w"
              },
              {
                "status": "affected",
                "version": "100w"
              },
              {
                "status": "affected",
                "version": "250w"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "medium dab transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "500w"
              },
              {
                "status": "affected",
                "version": "1kw"
              },
              {
                "status": "affected",
                "version": "2kw"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "high power dab transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "2.5kw"
              },
              {
                "status": "affected",
                "version": "3kw"
              },
              {
                "status": "affected",
                "version": "4kw"
              },
              {
                "status": "affected",
                "version": "5kw"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "compact fm transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "500w"
              },
              {
                "status": "affected",
                "version": "1kw"
              },
              {
                "status": "affected",
                "version": "2kw"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "modular fm transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "3kw"
              },
              {
                "status": "affected",
                "version": "5kw"
              },
              {
                "status": "affected",
                "version": "10kw"
              },
              {
                "status": "affected",
                "version": "15kw"
              },
              {
                "status": "affected",
                "version": "20kw"
              },
              {
                "status": "affected",
                "version": "30kw"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "digital fm transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "lessThanOrEqual": "40kw",
                "status": "affected",
                "version": "15w",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vhf tv transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "bi"
              },
              {
                "status": "affected",
                "version": "biii"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:uhf_tv_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "uhf tv transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "lessThanOrEqual": "5kw",
                "status": "affected",
                "version": "10w",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22179",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T14:46:38.775197Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T15:05:06.230Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:35:34.937Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Compact DAB Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "10W"
            },
            {
              "status": "affected",
              "version": "100W"
            },
            {
              "status": "affected",
              "version": "250W"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Medium DAB Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "500W"
            },
            {
              "status": "affected",
              "version": "1kW"
            },
            {
              "status": "affected",
              "version": "2kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "High Power DAB Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "2.5kW"
            },
            {
              "status": "affected",
              "version": "3kW"
            },
            {
              "status": "affected",
              "version": "4kW"
            },
            {
              "status": "affected",
              "version": "5kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Compact FM Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "Compact FM Transmitter"
            },
            {
              "status": "affected",
              "version": "500W"
            },
            {
              "status": "affected",
              "version": "1kW"
            },
            {
              "status": "affected",
              "version": "2kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modular FM Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "3kW"
            },
            {
              "status": "affected",
              "version": "5kW"
            },
            {
              "status": "affected",
              "version": "10kW"
            },
            {
              "status": "affected",
              "version": "15kW"
            },
            {
              "status": "affected",
              "version": "20kW"
            },
            {
              "status": "affected",
              "version": "30kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Digital FM Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "lessThanOrEqual": "40kW",
              "status": "affected",
              "version": "15W",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VHF TV Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "BI"
            },
            {
              "status": "affected",
              "version": "BIII"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UHF TV Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "lessThanOrEqual": "5kW",
              "status": "affected",
              "version": "10W",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The application is vulnerable to an unauthenticated parameter \nmanipulation that allows an attacker to set the credentials to blank \ngiving her access to the admin panel. Also vulnerable to account \ntakeover and arbitrary password change."
            }
          ],
          "value": "The application is vulnerable to an unauthenticated parameter \nmanipulation that allows an attacker to set the credentials to blank \ngiving her access to the admin panel. Also vulnerable to account \ntakeover and arbitrary password change."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-302",
              "description": "CWE-302",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T16:45:02.057Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
        }
      ],
      "source": {
        "advisory": "ICSA-24-107-02",
        "discovery": "EXTERNAL"
      },
      "title": "Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\"\u003eElectrolink\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact  Electrolink https://electrolink.com/contacts/  for additional information."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-22179",
    "datePublished": "2024-04-18T22:06:26.781Z",
    "dateReserved": "2024-01-05T22:07:42.998Z",
    "dateUpdated": "2024-08-01T22:35:34.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3462 (GCVE-0-2024-3462)

Vulnerability from cvelistv5 – Published: 2024-05-13 08:19 – Updated: 2024-11-07 15:16
Title
Authorization bypass in Ant Media Server
Summary
Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users.  All versions up to 2.9.0 (tested) and possibly newer ones are believed to be vulnerable as the vendor has not confirmed releasing a patch.
CWE
  • CWE-302 - Authentication Bypass by Assumed-Immutable Data
Impacted products
Vendor: Ant Media
Product: Ant Media Server Community Edition
  • Affected: 0, ≤ 2.9.0 (semver)
Date Public
2024-05-13 08:00
Credits
Maksym Brzęczek (efigo.pl)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-3462",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T19:16:51.740687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T15:16:53.084Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:12:07.335Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "product",
              "x_transferred"
            ],
            "url": "https://antmedia.io/"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://cert.pl/en/posts/2024/05/CVE-2024-3462"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://cert.pl/posts/2024/05/CVE-2024-3462"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Ant Media Server Community Edition",
          "repo": "https://github.com/ant-media/Ant-Media-Server",
          "vendor": "Ant Media",
          "versions": [
            {
              "lessThanOrEqual": "2.9.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maksym Brz\u0119czek (efigo.pl)"
        }
      ],
      "datePublic": "2024-05-13T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Ant Media Server Community Edition in a default configuration is vulnerable to an improper\u0026nbsp;HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users.\u0026nbsp;\u003cbr\u003eAll versions up to 2.9.0 (tested) and possibly newer ones are believed to be vulnerable as the vendor has not confirmed releasing a patch."
            }
          ],
          "value": "Ant Media Server Community Edition in a default configuration is vulnerable to an improper\u00a0HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users.\u00a0\nAll versions up to 2.9.0 (tested) and possibly newer ones are believed to be vulnerable as the vendor has not confirmed releasing a patch."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-302",
              "description": "CWE-302 Authentication Bypass by Assumed-Immutable Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T15:36:18.852Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://antmedia.io/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2024/05/CVE-2024-3462"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/posts/2024/05/CVE-2024-3462"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authorization bypass in Ant Media Server",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2024-3462",
    "datePublished": "2024-05-13T08:19:13.882Z",
    "dateReserved": "2024-04-08T10:30:37.412Z",
    "dateUpdated": "2024-11-07T15:16:53.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3741 (GCVE-0-2024-3741)

Vulnerability from cvelistv5 – Published: 2024-04-18 22:04 – Updated: 2024-08-01 20:20
VLAI
Title
Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data
Summary
Electrolink transmitters are vulnerable to an authentication bypass vulnerability affecting the login cookie. An attacker can set an arbitrary value except 'NO' to the login cookie and have full system access.
CWE
Assigner
Impacted products
Vendor | Product | Version
Electrolink | Compact DAB Transmitter | Affected: 10W; 100W; 250W
Electrolink | Medium DAB Transmitter | Affected: 500W; 1kW; 2kW
Electrolink | High Power DAB Transmitter | Affected: 2.5kW; 3kW; 4kW; 5kW
Electrolink | Compact FM Transmitter | Affected: Compact FM Transmitter; 500W; 1kW; 2kW
Electrolink | Modular FM Transmitter | Affected: 3kW; 5kW; 10kW; 15kW; 20kW; 30kW
Electrolink | Digital FM Transmitter | Affected: 15W, ≤ 40kW (custom)
Electrolink | VHF TV Transmitter | Affected: BI; BIII
Electrolink | UHF TV Transmitter | Affected: 10W, ≤ 5kW (custom)
Credits
Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "medium dab transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "2kW"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:uhf_tv_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "uhf tv transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "10W"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "high power dab transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "5kW"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "compact dab transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "250W"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "compact fm transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "2kW"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "modular fm transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "30kW"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "digital fm transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "15W"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vhf tv transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "BI"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3741",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-29T18:54:30.103942Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:32:28.173Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:20:01.174Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Compact DAB Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "10W"
            },
            {
              "status": "affected",
              "version": "100W"
            },
            {
              "status": "affected",
              "version": "250W"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Medium DAB Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "500W"
            },
            {
              "status": "affected",
              "version": "1kW"
            },
            {
              "status": "affected",
              "version": "2kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "High Power DAB Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "2.5kW"
            },
            {
              "status": "affected",
              "version": "3kW"
            },
            {
              "status": "affected",
              "version": "4kW"
            },
            {
              "status": "affected",
              "version": "5kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Compact FM Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "Compact FM Transmitter"
            },
            {
              "status": "affected",
              "version": "500W"
            },
            {
              "status": "affected",
              "version": "1kW"
            },
            {
              "status": "affected",
              "version": "2kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modular FM Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "3kW"
            },
            {
              "status": "affected",
              "version": "5kW"
            },
            {
              "status": "affected",
              "version": "10kW"
            },
            {
              "status": "affected",
              "version": "15kW"
            },
            {
              "status": "affected",
              "version": "20kW"
            },
            {
              "status": "affected",
              "version": "30kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Digital FM Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "lessThanOrEqual": "40kW",
              "status": "affected",
              "version": "15W",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VHF TV Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "BI"
            },
            {
              "status": "affected",
              "version": "BIII"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UHF TV Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "lessThanOrEqual": "5kW",
              "status": "affected",
              "version": "10W",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Electrolink transmitters are vulnerable to an authentication bypass \nvulnerability affecting the login cookie. An attacker can set an \narbitrary value except \u0027NO\u0027 to the login cookie and have full system \naccess."
            }
          ],
          "value": "Electrolink transmitters are vulnerable to an authentication bypass \nvulnerability affecting the login cookie. An attacker can set an \narbitrary value except \u0027NO\u0027 to the login cookie and have full system \naccess."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-302",
              "description": "CWE-302",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T16:40:14.630Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
        }
      ],
      "source": {
        "advisory": "ICSA-24-107-02",
        "discovery": "EXTERNAL"
      },
      "title": "Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\"\u003eElectrolink\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact  Electrolink https://electrolink.com/contacts/  for additional information."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-3741",
    "datePublished": "2024-04-18T22:04:46.300Z",
    "dateReserved": "2024-04-12T19:35:17.605Z",
    "dateUpdated": "2024-08-01T20:20:01.174Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4024 (GCVE-0-2024-4024)

Vulnerability from cvelistv5 – Published: 2024-04-25 13:30 – Updated: 2026-05-13 04:05
VLAI
Title
Authentication Bypass by Assumed-Immutable Data in GitLab
Summary
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user's Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab.
CWE
  • CWE-302 - Authentication Bypass by Assumed-Immutable Data
Assigner
References
URL Tags
https://gitlab.com/gitlab-org/gitlab/-/issues/452426 issue-tracking, permissions-required
Impacted products
Vendor | Product | Version
GitLab | GitLab | Affected: 7.8, < 16.9.6 (semver); 16.10, < 16.10.4 (semver); 16.11, < 16.11.1 (semver)
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Credits
This vulnerability has been discovered internally by GitLab team members [Sam Word](https://gitlab.com/SamWord) and [Rodrigo Tomonari](https://gitlab.com/rodrigo.tomonari)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4024",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-17T15:39:02.768615Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T15:45:45.946Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:26:57.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GitLab Issue #452426",
            "tags": [
              "issue-tracking",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/452426"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "16.9.6",
              "status": "affected",
              "version": "7.8",
              "versionType": "semver"
            },
            {
              "lessThan": "16.10.4",
              "status": "affected",
              "version": "16.10",
              "versionType": "semver"
            },
            {
              "lessThan": "16.11.1",
              "status": "affected",
              "version": "16.11",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability has been discovered internally by GitLab team members [Sam Word](https://gitlab.com/SamWord) and [Rodrigo Tomonari](https://gitlab.com/rodrigo.tomonari)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user\u0027s Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-302",
              "description": "CWE-302: Authentication Bypass by Assumed-Immutable Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T04:05:39.707Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "name": "GitLab Issue #452426",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/452426"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 16.9.6, 16.10.4 or 16.11.1 or above"
        }
      ],
      "title": "Authentication Bypass by Assumed-Immutable Data in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2024-4024",
    "datePublished": "2024-04-25T13:30:46.597Z",
    "dateReserved": "2024-04-22T05:30:44.526Z",
    "dateUpdated": "2026-05-13T04:05:39.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43441 (GCVE-0-2024-43441)

Vulnerability from cvelistv5 – Published: 2024-12-24 11:59 – Updated: 2024-12-31 18:47
VLAI
Title
Apache HugeGraph-Server: Fixed JWT Token(Secret)
Summary
Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue.
Severity
No CVSS data available.
CWE
  • CWE-302 - Authentication Bypass by Assumed-Immutable Data
Assigner
References
Impacted products
Vendor | Product | Version
Apache Software Foundation | Apache HugeGraph-Server | Affected: 1.0.0, < 1.5.0 (semver)
Credits
L0ne1y

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-24T18:03:25.803Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/12/24/2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-43441",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-31T18:47:06.846005Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-31T18:47:44.461Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HugeGraph-Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "1.5.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "L0ne1y"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAuthentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.5.0, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server.\n\nThis issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0.\n\nUsers are recommended to upgrade to version 1.5.0, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-302",
              "description": "CWE-302 Authentication Bypass by Assumed-Immutable Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-24T11:59:59.219Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/h2607yv32wgcrywov960jpxhvsmmlf12"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache HugeGraph-Server: Fixed JWT Token(Secret)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-43441",
    "datePublished": "2024-12-24T11:59:59.219Z",
    "dateReserved": "2024-08-13T07:25:26.573Z",
    "dateUpdated": "2024-12-31T18:47:44.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45370 (GCVE-0-2024-45370)

Vulnerability from cvelistv5 – Published: 2025-12-01 15:25 – Updated: 2025-12-01 20:23
VLAI
Summary
An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability.
CWE
  • CWE-302 - Authentication Bypass by Assumed-Immutable Data
Assigner
Impacted products
Credits
Discovered by Kelly Patterson of Cisco Talos.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-01T17:05:35.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2117"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45370",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-01T20:22:50.772602Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-01T20:23:08.223Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Easy Config System",
          "vendor": "Socomec",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered by Kelly Patterson of Cisco Talos."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-302",
              "description": "CWE-302: Authentication Bypass by Assumed-Immutable Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T15:25:42.865Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2117",
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2117"
        },
        {
          "name": "https://www.socomec.fr/sites/default/files/2025-11/CVE-2024-45370---ECS-2610---CVSS31_VULNERABILITIES_2025-11-19-09-45-29_English_PLURI_3.pdf",
          "url": "https://www.socomec.fr/sites/default/files/2025-11/CVE-2024-45370---ECS-2610---CVSS31_VULNERABILITIES_2025-11-19-09-45-29_English_PLURI_3.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2024-45370",
    "datePublished": "2025-12-01T15:25:42.865Z",
    "dateReserved": "2024-11-27T15:59:57.067Z",
    "dateUpdated": "2025-12-01T20:23:08.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47086 (GCVE-0-2024-47086)

Vulnerability from cvelistv5 – Published: 2024-09-19 06:03 – Updated: 2024-09-19 14:22
Title
OTP Bypass Vulnerability
Summary
This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for other user accounts.
CWE
  • CWE-302 - Authentication Bypass by Assumed-Immutable Data
Credits
This vulnerability is reported by Mohit Gadiya.

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apexsoftcell:ld_dp_back_office:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "ld_dp_back_office",
            "vendor": "apexsoftcell",
            "versions": [
              {
                "lessThan": "24.8.21.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47086",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T14:21:19.088467Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T14:22:31.163Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "LD DP Back Office",
          "vendor": "Apex Softcell",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c24.8.21.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability is reported by Mohit Gadiya."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response.  \u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to bypass OTP verification for other user accounts."
            }
          ],
          "value": "This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response.  \n\nSuccessful exploitation of this vulnerability could allow the attacker to bypass OTP verification for other user accounts."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-302",
              "description": "CWE-302: Authentication Bypass by Assumed-Immutable Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-19T06:19:50.229Z",
        "orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
        "shortName": "CERT-In"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2024-0296"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade Apex Softcell LD DP Back Office to version 24.8.21.1\u003cbr\u003e"
            }
          ],
          "value": "Upgrade Apex Softcell LD DP Back Office to version 24.8.21.1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "OTP Bypass Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
    "assignerShortName": "CERT-In",
    "cveId": "CVE-2024-47086",
    "datePublished": "2024-09-19T06:03:10.218Z",
    "dateReserved": "2024-09-18T08:36:36.214Z",
    "dateUpdated": "2024-09-19T14:22:31.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-49056 (GCVE-0-2024-49056)

Vulnerability from cvelistv5 – Published: 2024-11-12 17:53 – Updated: 2025-07-08 15:41 Exclusively Hosted Service
Title
Airlift.microsoft.com Elevation of Privilege Vulnerability
Summary
Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.
CWE
  • CWE-302 - Authentication Bypass by Assumed-Immutable Data
Date Public
2024-11-12 08:00

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49056",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T21:46:23.326972Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T21:46:33.810Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "airlift.microsoft.com",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:airlift_microsoft_com:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "N/A",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-302",
              "description": "CWE-302: Authentication Bypass by Assumed-Immutable Data",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-08T15:41:25.845Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Airlift.microsoft.com Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49056"
        }
      ],
      "tags": [
        "exclusively-hosted-service"
      ],
      "title": "Airlift.microsoft.com Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-49056",
    "datePublished": "2024-11-12T17:53:57.662Z",
    "dateReserved": "2024-10-11T20:57:49.188Z",
    "dateUpdated": "2025-07-08T15:41:25.845Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phases: Architecture and Design, Operation, Implementation

Description:

  • Implement proper protection for immutable data (e.g. environment variables, hidden form fields).

CAPEC-10: Buffer Overflow via Environment Variables

This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the adversary finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.

CAPEC-13: Subverting Environment Variable Values

The adversary directly or indirectly modifies environment variables used by or controlling the target software. The adversary's goal is to cause the target software to deviate from its expected operation in a manner that benefits the adversary.

CAPEC-21: Exploitation of Trusted Identifiers

An adversary guesses, obtains, or "rides" a trusted identifier (e.g. session ID, resource ID, cookie, etc.) to perform authorized actions under the guise of an authenticated user or service.

CAPEC-274: HTTP Verb Tampering

An attacker modifies the HTTP Verb (e.g. GET, PUT, TRACE, etc.) in order to bypass access restrictions. Some web environments allow administrators to restrict access based on the HTTP Verb used with requests. However, attackers can often provide a different HTTP Verb, or even provide a random string as a verb in order to bypass these protections. This allows the attacker to access data that should otherwise be protected.

CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies

This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.

CAPEC-39: Manipulating Opaque Client-based Data Tokens

In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth), that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information), then even opaquely manipulating that data may bear fruit for an attacker. In this pattern an attacker undermines the assumption that client-side tokens have been adequately protected from tampering through use of encryption or obfuscation.

CAPEC-45: Buffer Overflow via Symbolic Links

This type of attack leverages the use of symbolic links to cause buffer overflows. An adversary can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user-controlled variables (DEBUG=1, PHP globals, and so forth). An adversary can override variables by leveraging user-supplied, untrusted query variables that are used directly on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
