CWE-305
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
CVE-2024-39899 (GCVE-0-2024-39899)
Vulnerability from cvelistv5 – Published: 2024-07-09 18:57 – Updated: 2024-08-02 04:33
VLAI
Title
PrivateBin allows shortening of URLs for other domains
Summary
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can shorten any URL pointing to the configured PrivateBin instance. The vulnerability allowed other URLs to be shortened, as long as they contain the PrivateBin instance, defeating the limit imposed by the proxy. This vulnerability is fixed in 1.7.4.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/PrivateBin/PrivateBin/security… | x_refsource_CONFIRM |
| https://github.com/PrivateBin/PrivateBin/pull/1370 | x_refsource_MISC |
| https://github.com/PrivateBin/PrivateBin/commit/0… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| PrivateBin | PrivateBin |
Affected:
>= 1.5.0, < 1.7.4
|
|
| privatebin | privatebin |
Affected:
1.5.0 , < 1.7.4
(custom)
cpe:2.3:a:privatebin:privatebin:1.5.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:privatebin:privatebin:1.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "privatebin",
"vendor": "privatebin",
"versions": [
{
"lessThan": "1.7.4",
"status": "affected",
"version": "1.5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T14:31:16.074596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T14:35:40.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-mqqj-fx8h-437j",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-mqqj-fx8h-437j"
},
{
"name": "https://github.com/PrivateBin/PrivateBin/pull/1370",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/PrivateBin/PrivateBin/pull/1370"
},
{
"name": "https://github.com/PrivateBin/PrivateBin/commit/0c4e810e6728f67d678458838d8430dfba4fcca4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/PrivateBin/PrivateBin/commit/0c4e810e6728f67d678458838d8430dfba4fcca4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PrivateBin",
"vendor": "PrivateBin",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.5.0, \u003c 1.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can shorten any URL pointing to the configured PrivateBin instance. The vulnerability allowed other URLs to be shortened, as long as they contain the PrivateBin instance, defeating the limit imposed by the proxy. This vulnerability is fixed in 1.7.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-791",
"description": "CWE-791: Incomplete Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T18:57:50.228Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-mqqj-fx8h-437j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-mqqj-fx8h-437j"
},
{
"name": "https://github.com/PrivateBin/PrivateBin/pull/1370",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PrivateBin/PrivateBin/pull/1370"
},
{
"name": "https://github.com/PrivateBin/PrivateBin/commit/0c4e810e6728f67d678458838d8430dfba4fcca4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PrivateBin/PrivateBin/commit/0c4e810e6728f67d678458838d8430dfba4fcca4"
}
],
"source": {
"advisory": "GHSA-mqqj-fx8h-437j",
"discovery": "UNKNOWN"
},
"title": "PrivateBin allows shortening of URLs for other domains"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39899",
"datePublished": "2024-07-09T18:57:50.228Z",
"dateReserved": "2024-07-02T19:37:18.599Z",
"dateUpdated": "2024-08-02T04:33:11.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4784 (GCVE-0-2024-4784)
Vulnerability from cvelistv5 – Published: 2024-08-08 10:02 – Updated: 2024-08-29 15:04
VLAI
Title
Authentication Bypass by Primary Weakness in GitLab
Summary
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.
Severity
4.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/461248 | issue-trackingpermissions-required |
| https://hackerone.com/reports/2486223 | technical-descriptionexploitpermissions-required |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4784",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T14:12:19.684074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T14:12:32.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "17.0.6",
"status": "affected",
"version": "16.7",
"versionType": "semver"
},
{
"lessThan": "17.1.4",
"status": "affected",
"version": "17.1",
"versionType": "semver"
},
{
"lessThan": "17.2.2",
"status": "affected",
"version": "17.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [vexin](https://hackerone.com/vexin) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:04:58.457Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #461248",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/461248"
},
{
"name": "HackerOne Bug Bounty Report #2486223",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2486223"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 17.2.2, 17.1.4, 17.0.6 or above."
}
],
"title": "Authentication Bypass by Primary Weakness in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2024-4784",
"datePublished": "2024-08-08T10:02:19.809Z",
"dateReserved": "2024-05-10T19:01:57.438Z",
"dateUpdated": "2024-08-29T15:04:58.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49587 (GCVE-0-2024-49587)
Vulnerability from cvelistv5 – Published: 2025-12-19 16:33 – Updated: 2026-02-26 16:07
VLAI
Title
Glutton V1 endpoints missing authentication
Summary
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.gotham:glutton |
Unaffected:
105.95.0 , < *
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-20T04:56:48.131550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:07:24.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.gotham:glutton",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "105.95.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme\u0027s implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T16:33:22.971Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=95e2d805-dd2f-4544-b164-e61100f47b11"
}
],
"source": {
"defect": [
"PLTRSEC-2024-43"
],
"discovery": "INTERNAL"
},
"title": "Glutton V1 endpoints missing authentication"
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2024-49587",
"datePublished": "2025-12-19T16:33:22.971Z",
"dateReserved": "2024-10-16T19:09:45.689Z",
"dateUpdated": "2026-02-26T16:07:24.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50478 (GCVE-0-2024-50478)
Vulnerability from cvelistv5 – Published: 2024-10-28 12:32 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress 1-Click Login: Passwordless Authentication plugin 1.4.5 - Broken Authentication vulnerability
Summary
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/swo… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Swoop | 1-Click Login: Passwordless Authentication |
Affected:
1.4.5
(custom)
|
|
| swoop | 1-click_login\:_passwordless_authentication |
Affected:
1.4.5
cpe:2.3:a:swoop:1-click_login\:_passwordless_authentication:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:swoop:1-click_login\\:_passwordless_authentication:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "1-click_login\\:_passwordless_authentication",
"vendor": "swoop",
"versions": [
{
"status": "affected",
"version": "1.4.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:17:03.552262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T18:49:21.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "swoop-password-free-authentication",
"product": "1-Click Login: Passwordless Authentication",
"vendor": "Swoop",
"versions": [
{
"status": "affected",
"version": "1.4.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "stealthcopter (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.\u003cp\u003eThis issue affects 1-Click Login: Passwordless Authentication: 1.4.5.\u003c/p\u003e"
}
],
"value": "Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:29.787Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/swoop-password-free-authentication/wordpress-1-click-login-passwordless-authentication-plugin-1-4-5-broken-authentication-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress 1-Click Login: Passwordless Authentication plugin 1.4.5 - Broken Authentication vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-50478",
"datePublished": "2024-10-28T12:32:27.258Z",
"dateReserved": "2024-10-24T07:26:38.824Z",
"dateUpdated": "2026-04-28T16:10:29.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-51738 (GCVE-0-2024-51738)
Vulnerability from cvelistv5 – Published: 2025-01-20 15:26 – Updated: 2025-01-21 14:59
VLAI
Title
Sunshine improperly enforces pairing protocol request order
Summary
Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. This bug may also be used by a remote attacker to crash Sunshine. This vulnerability is fixed in 2025.118.151840.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/LizardByte/Sunshine/security/a… | x_refsource_CONFIRM |
| https://github.com/LizardByte/Sunshine/commit/89f… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LizardByte | Sunshine |
Affected:
< 2025.118.151840
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T14:59:20.927312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T14:59:35.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sunshine",
"vendor": "LizardByte",
"versions": [
{
"status": "affected",
"version": "\u003c 2025.118.151840"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine\u0027s pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. This bug may also be used by a remote attacker to crash Sunshine. This vulnerability is fixed in 2025.118.151840."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-841",
"description": "CWE-841: Improper Enforcement of Behavioral Workflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-20T15:26:03.955Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-3hrw-xv8h-9499",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-3hrw-xv8h-9499"
},
{
"name": "https://github.com/LizardByte/Sunshine/commit/89f097ae65277d42b5d40163d09d92e412e6d7dd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LizardByte/Sunshine/commit/89f097ae65277d42b5d40163d09d92e412e6d7dd"
}
],
"source": {
"advisory": "GHSA-3hrw-xv8h-9499",
"discovery": "UNKNOWN"
},
"title": "Sunshine improperly enforces pairing protocol request order"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51738",
"datePublished": "2025-01-20T15:26:03.955Z",
"dateReserved": "2024-10-31T14:12:45.788Z",
"dateUpdated": "2025-01-21T14:59:35.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5956 (GCVE-0-2024-5956)
Vulnerability from cvelistv5 – Published: 2024-09-05 10:42 – Updated: 2024-09-05 13:13
VLAI
Summary
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trellix | Intrusion Prevention System (IPS) Manager |
Affected:
11.1.7.97
|
|
| trellix | intrusion_prevention_system_manager |
Affected:
11.1.7.97
cpe:2.3:a:trellix:intrusion_prevention_system_manager:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trellix:intrusion_prevention_system_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "intrusion_prevention_system_manager",
"vendor": "trellix",
"versions": [
{
"status": "affected",
"version": "11.1.7.97"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:11:38.274777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T13:13:04.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"11.1.7.97"
],
"product": "Intrusion Prevention System (IPS) Manager",
"vendor": "Trellix",
"versions": [
{
"status": "affected",
"version": "11.1.7.97"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Kentaro Kawane"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly\u003c/span\u003e\u003c/b\u003e"
}
],
"value": "This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T10:50:14.273Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://thrive.trellix.com/s/article/000013870"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2024-5956",
"datePublished": "2024-09-05T10:42:09.315Z",
"dateReserved": "2024-06-13T06:47:29.265Z",
"dateUpdated": "2024-09-05T13:13:04.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5957 (GCVE-0-2024-5957)
Vulnerability from cvelistv5 – Published: 2024-09-05 10:49 – Updated: 2024-09-05 13:11
VLAI
Summary
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trellix | Intrusion Prevention System (IPS) Manager |
Affected:
11.1.7.97
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:10:58.158237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T13:11:11.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Intrusion Prevention System (IPS) Manager",
"vendor": "Trellix",
"versions": [
{
"status": "affected",
"version": "11.1.7.97"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Kentaro Kawane"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager.\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e"
}
],
"value": "This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T10:49:38.276Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://thrive.trellix.com/s/article/000013870"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2024-5957",
"datePublished": "2024-09-05T10:49:38.276Z",
"dateReserved": "2024-06-13T06:47:31.425Z",
"dateUpdated": "2024-09-05T13:11:11.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6637 (GCVE-0-2024-6637)
Vulnerability from cvelistv5 – Published: 2024-07-20 07:37 – Updated: 2026-04-08 16:36
VLAI
Title
WooCommerce - Social Login <= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password
Summary
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator, if they know the email of user.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| WPWeb | WooCommerce - Social Login |
Affected:
0 , ≤ 2.7.3
(semver)
|
|
| yithemes | yith_woocommerce_social_login |
Affected:
0 , ≤ 2.7.3
(semver)
cpe:2.3:a:yithemes:yith_woocommerce_social_login:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:yithemes:yith_woocommerce_social_login:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "yith_woocommerce_social_login",
"vendor": "yithemes",
"versions": [
{
"lessThanOrEqual": "2.7.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T14:11:16.496227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:34:59.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:04.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10d92d5e-1c23-4f6a-bfab-0756876190a5?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WooCommerce - Social Login",
"vendor": "WPWeb",
"versions": [
{
"lessThanOrEqual": "2.7.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vu Nguyen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator, if they know the email of user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:36:07.667Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10d92d5e-1c23-4f6a-bfab-0756876190a5?source=cve"
},
{
"url": "https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-19T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WooCommerce - Social Login \u003c= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6637",
"datePublished": "2024-07-20T07:37:52.405Z",
"dateReserved": "2024-07-09T21:48:55.671Z",
"dateUpdated": "2026-04-08T16:36:07.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7557 (GCVE-0-2024-7557)
Vulnerability from cvelistv5 – Published: 2024-08-08 21:33 – Updated: 2026-03-19 16:43
VLAI
Title
Odh-dashboard: odh-model-controller: cross-model authentication bypass in openshift ai
Summary
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2024-7557 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2303094 | issue-trackingx_refsource_REDHAT |
| https://github.com/opendatahub-io/odh-dashboard/p… |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
2.8.*
(semver)
Affected: 2.11 (semver) Unaffected: a122ad06a297f4e8b2a065eece910aa882cc3fa6 (git) |
|||
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Data Science (RHODS) |
cpe:/a:redhat:openshift_data_science |
Date Public
2024-08-07 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T13:52:08.137088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T13:52:27.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/opendatahub-io/odh-dashboard",
"defaultStatus": "unknown",
"packageName": "odh-dashboard",
"versions": [
{
"status": "affected",
"version": "2.8.*",
"versionType": "semver"
},
{
"status": "affected",
"version": "2.11",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "a122ad06a297f4e8b2a065eece910aa882cc3fa6",
"versionType": "git"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "odh-dashboard-container",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "odh-model-controller-container",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_science"
],
"defaultStatus": "affected",
"packageName": "rhods/odh-dashboard-rhel8",
"product": "Red Hat OpenShift Data Science (RHODS)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_science"
],
"defaultStatus": "affected",
"packageName": "rhods/odh-model-controller-rhel8",
"product": "Red Hat OpenShift Data Science (RHODS)",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Adam Bellusci (RedHat) for reporting this issue."
}
],
"datePublic": "2024-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-19T16:43:45.729Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-7557"
},
{
"name": "RHBZ#2303094",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303094"
},
{
"url": "https://github.com/opendatahub-io/odh-dashboard/pull/3198"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-06T10:31:41.202Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-08-07T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Odh-dashboard: odh-model-controller: cross-model authentication bypass in openshift ai",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-7557",
"datePublished": "2024-08-08T21:33:14.505Z",
"dateReserved": "2024-08-06T11:08:34.986Z",
"dateUpdated": "2026-03-19T16:43:45.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8642 (GCVE-0-2024-8642)
Vulnerability from cvelistv5 – Published: 2024-09-11 13:34 – Updated: 2024-09-11 14:06
VLAI
Title
Eclipse EDC: Consumer pull transfer token validation checks not applied
Summary
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have a dataplane configured to support http proxy consumer pull AND include the module "transfer-data-plane". The affected code was marked deprecated from the version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | Eclipse EDC Connector |
Affected:
0.5.0 , < 0.9.0
(semver)
|
|
| eclipse_foundation | edc |
Affected:
0.5.0 , < 0.9.0
(custom)
cpe:2.3:a:eclipse_foundation:edc:0.5.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eclipse_foundation:edc:0.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edc",
"vendor": "eclipse_foundation",
"versions": [
{
"lessThan": "0.9.0",
"status": "affected",
"version": "0.5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8642",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T14:03:51.264915Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T14:06:55.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2/",
"defaultStatus": "unaffected",
"modules": [
"transfer-data-plane"
],
"packageName": "org.eclipse.edc:transfer-data-plane",
"product": "Eclipse EDC Connector",
"repo": "https://github.com/eclipse-edc/Connector",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "0.9.0",
"status": "affected",
"version": "0.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have a dataplane configured to support http proxy consumer pull AND include the module \"transfer-data-plane\". The affected code was marked deprecated from the version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed."
}
],
"value": "In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have a dataplane configured to support http proxy consumer pull AND include the module \"transfer-data-plane\". The affected code was marked deprecated from the version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T13:34:28.463Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/234"
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/28"
},
{
"url": "https://github.com/eclipse-edc/Connector/commit/04899e91dcdb4a407db4eb7af3e7b6ff9a9e9ad6"
},
{
"url": "https://github.com/eclipse-edc/Connector/releases/tag/v0.9.0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Eclipse EDC: Consumer pull transfer token validation checks not applied",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-8642",
"datePublished": "2024-09-11T13:34:28.463Z",
"dateReserved": "2024-09-10T06:20:33.205Z",
"dateUpdated": "2024-09-11T14:06:55.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.