Common Weakness Enumeration

CWE-305

Allowed

Authentication Bypass by Primary Weakness

Abstraction: Base · Status: Draft

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

281 vulnerabilities reference this CWE, most recent first.

CVE-2023-4898 (GCVE-0-2023-4898)

Vulnerability from cvelistv5 – Published: 2023-09-11 23:27 – Updated: 2024-09-26 16:59
VLAI
Title
Authentication Bypass by Primary Weakness in mintplex-labs/anything-llm
Summary
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
mintplex-labs mintplex-labs/anything-llm Affected: unspecified , < 0.0.1 (custom)
Create a notification for this product.
mintplexlabs anything-llm Affected: 0 , < 0.0.1 (custom)
    cpe:2.3:a:mintplexlabs:anything-llm:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:38:00.807Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/a3dda692-7e8a-44a9-bd96-24cfd3f721d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mintplex-labs/anything-llm/commit/dc3dfbf31495fe316b21ee184b9317b38101d30e"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mintplexlabs:anything-llm:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anything-llm",
            "vendor": "mintplexlabs",
            "versions": [
              {
                "lessThan": "0.0.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4898",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T16:56:52.145493Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T16:59:04.762Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mintplex-labs/anything-llm",
          "vendor": "mintplex-labs",
          "versions": [
            {
              "lessThan": "0.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-11T23:27:47.955Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/a3dda692-7e8a-44a9-bd96-24cfd3f721d2"
        },
        {
          "url": "https://github.com/mintplex-labs/anything-llm/commit/dc3dfbf31495fe316b21ee184b9317b38101d30e"
        }
      ],
      "source": {
        "advisory": "a3dda692-7e8a-44a9-bd96-24cfd3f721d2",
        "discovery": "EXTERNAL"
      },
      "title": "Authentication Bypass by Primary Weakness in mintplex-labs/anything-llm"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-4898",
    "datePublished": "2023-09-11T23:27:47.955Z",
    "dateReserved": "2023-09-11T23:27:37.938Z",
    "dateUpdated": "2024-09-26T16:59:04.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4727 (GCVE-0-2023-4727)

Vulnerability from cvelistv5 – Published: 2024-06-11 19:30 – Updated: 2026-06-26 09:19
VLAI
Title
Ca: token authentication bypass vulnerability
Summary
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
Affected: 0 , < 11.5.1 (semver)
Red Hat Red Hat Certificate System 10.4 EUS for RHEL-8 Unaffected: 8060020240529205458.07fb4edf , < * (rpm)
    cpe:/a:redhat:certificate_system_eus:10.4::el8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:10.5.18-32.el7_9 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:7::client
    cpe:/o:redhat:enterprise_linux:7::computenode
    cpe:/o:redhat:enterprise_linux:7::server
    cpe:/o:redhat:enterprise_linux:7::workstation
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020240614102443.82f485b7 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 8040020240329193548.17df0a3f , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.4::appstream
    cpe:/a:redhat:rhel_e4s:8.4::appstream
    cpe:/a:redhat:rhel_tus:8.4::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 8040020240329193548.17df0a3f , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.4::appstream
    cpe:/a:redhat:rhel_e4s:8.4::appstream
    cpe:/a:redhat:rhel_tus:8.4::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 8040020240329193548.17df0a3f , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.4::appstream
    cpe:/a:redhat:rhel_e4s:8.4::appstream
    cpe:/a:redhat:rhel_tus:8.4::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 8060020240329182634.60523a7b , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 8060020240329182634.60523a7b , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 8060020240329182634.60523a7b , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 8080020240329143735.693a3987 , < * (rpm)
    cpe:/a:redhat:rhel_eus:8.8::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:11.5.0-2.el9_4 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:11.0.6-3.el9_0 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.0::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:11.3.0-2.el9_2 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.2::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Date Public
2024-06-11 00:00
Credits
Red Hat would like to thank Pham Van Khanh (Calif) for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4727",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T20:43:47.420318Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T12:00:14.636Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:38:00.502Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:4051",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4051"
          },
          {
            "name": "RHSA-2024:4070",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4070"
          },
          {
            "name": "RHSA-2024:4164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4164"
          },
          {
            "name": "RHSA-2024:4165",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4165"
          },
          {
            "name": "RHSA-2024:4179",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4179"
          },
          {
            "name": "RHSA-2024:4222",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4222"
          },
          {
            "name": "RHSA-2024:4367",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4367"
          },
          {
            "name": "RHSA-2024:4403",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4403"
          },
          {
            "name": "RHSA-2024:4413",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4413"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-4727"
          },
          {
            "name": "RHBZ#2232218",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232218"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.keycloak.org/",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "11.5.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:certificate_system_eus:10.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-pki:10",
          "product": "Red Hat Certificate System 10.4 EUS for RHEL-8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020240529205458.07fb4edf",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::client",
            "cpe:/o:redhat:enterprise_linux:7::computenode",
            "cpe:/o:redhat:enterprise_linux:7::server",
            "cpe:/o:redhat:enterprise_linux:7::workstation"
          ],
          "defaultStatus": "affected",
          "packageName": "pki-core",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:10.5.18-32.el7_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "pki-core:10.6",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020240614102443.82f485b7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/a:redhat:rhel_tus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "pki-core:10.6",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020240329193548.17df0a3f",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/a:redhat:rhel_tus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "pki-core:10.6",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020240329193548.17df0a3f",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/a:redhat:rhel_tus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "pki-core:10.6",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020240329193548.17df0a3f",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "pki-core:10.6",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020240329182634.60523a7b",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "pki-core:10.6",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020240329182634.60523a7b",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "pki-core:10.6",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020240329182634.60523a7b",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "pki-core:10.6",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020240329143735.693a3987",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "pki-core",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:11.5.0-2.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "pki-core",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:11.0.6-3.el9_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "pki-core",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:11.3.0-2.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "pki-core",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Pham Van Khanh (Calif) for reporting this issue."
        }
      ],
      "datePublic": "2024-06-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-26T09:19:30.855Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:4051",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4051"
        },
        {
          "name": "RHSA-2024:4070",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4070"
        },
        {
          "name": "RHSA-2024:4164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4164"
        },
        {
          "name": "RHSA-2024:4165",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4165"
        },
        {
          "name": "RHSA-2024:4179",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4179"
        },
        {
          "name": "RHSA-2024:4222",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4222"
        },
        {
          "name": "RHSA-2024:4367",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4367"
        },
        {
          "name": "RHSA-2024:4403",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4403"
        },
        {
          "name": "RHSA-2024:4413",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4413"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-4727"
        },
        {
          "name": "RHBZ#2232218",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232218"
        },
        {
          "url": "https://github.com/advisories/GHSA-rvm7-rc5g-c98q"
        },
        {
          "url": "https://github.com/dogtagpki/pki/commit/54e5b3c5932ad634b5ddf5b1d4d88c9419d6f720"
        },
        {
          "url": "https://github.com/dogtagpki/pki/commit/aa7161ba378caf5cf0471aafb679a842679c8388"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-15T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-06-11T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Ca: token authentication bypass vulnerability",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-4727",
    "datePublished": "2024-06-11T19:30:25.613Z",
    "dateReserved": "2023-09-01T20:44:55.077Z",
    "dateUpdated": "2026-06-26T09:19:30.855Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-4501 (GCVE-0-2023-4501)

Vulnerability from cvelistv5 – Published: 2023-09-12 18:05 – Updated: 2024-09-26 14:08
VLAI
Title
Authentication bypass in OpenText (Micro Focus) Enterprise Server
Summary
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user. Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon. Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
  • CWE-305 - Authentication Bypass by Primary Weakness
  • CWE-358 - Improperly Implemented Security Check for Standard
  • CWE-253 - Incorrect Check of Function Return Value
Assigner
References
Impacted products
Vendor Product Version
OpenText Visual COBOL, COBOL Server, Enterprise Developer, Enterprise Server Affected: 7.0.19 , < 7.0.21 (patch update)
Affected: 8.0.8 , < 8.0.10 (patch update)
Affected: 9.0.1 , < 9.0.2 (patch update)
Create a notification for this product.
opentext visual_cobal_cobal_server_enterprise_developer_enterprise_server Affected: 7.0.19 , < 7.0.21 (custom)
Affected: 8.0.8 , < 8.0.10 (custom)
Affected: 9.0.1 , < 9.0.2 (custom)
    cpe:2.3:a:opentext:visual_cobal_cobal_server_enterprise_developer_enterprise_server:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-09-01 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:06.347Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://portal.microfocus.com/s/article/KM000021287"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:opentext:visual_cobal_cobal_server_enterprise_developer_enterprise_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "visual_cobal_cobal_server_enterprise_developer_enterprise_server",
            "vendor": "opentext",
            "versions": [
              {
                "lessThan": "7.0.21",
                "status": "affected",
                "version": "7.0.19",
                "versionType": "custom"
              },
              {
                "lessThan": "8.0.10",
                "status": "affected",
                "version": "8.0.8",
                "versionType": "custom"
              },
              {
                "lessThan": "9.0.2",
                "status": "affected",
                "version": "9.0.1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4501",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T13:56:28.372526Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T14:08:41.901Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "Linux",
            "AIX Solaris HP-UX"
          ],
          "product": "Visual COBOL, COBOL Server, Enterprise Developer, Enterprise Server",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThan": "7.0.21",
              "status": "affected",
              "version": "7.0.19",
              "versionType": "patch update"
            },
            {
              "lessThan": "8.0.10",
              "status": "affected",
              "version": "8.0.8",
              "versionType": "patch update"
            },
            {
              "lessThan": "9.0.2",
              "status": "affected",
              "version": "9.0.1",
              "versionType": "patch update"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Contact OpenText Support for more information.\u003cbr\u003e"
            }
          ],
          "value": "Contact OpenText Support for more information.\n"
        }
      ],
      "datePublic": "2023-09-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.\u003cbr\u003e\u003cbr\u003eMitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.\u003cbr\u003e\u003cbr\u003eAdministrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.\u003cbr\u003e"
            }
          ],
          "value": "User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.\n\nMitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.\n\nAdministrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "OpenText has not been informed of any exploitation of this vulnerability.\u003cbr\u003e"
            }
          ],
          "value": "OpenText has not been informed of any exploitation of this vulnerability.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358 Improperly Implemented Security Check for Standard",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-253",
              "description": "CWE-253 Incorrect Check of Function Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-12T18:05:56.684Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://portal.microfocus.com/s/article/KM000021287"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Install 7.0 Patch Update 21, 8.0 Patch Update 10, or 9.0 Patch Update 2, or later, when available. Hotfix overlays are available now for common platforms and can be produced for other platforms; contact OpenText Support to request a hotfix overlay.\u003cbr\u003e"
            }
          ],
          "value": "Install 7.0 Patch Update 21, 8.0 Patch Update 10, or 9.0 Patch Update 2, or later, when available. Hotfix overlays are available now for common platforms and can be produced for other platforms; contact OpenText Support to request a hotfix overlay.\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-08T00:00:00.000Z",
          "value": "Reported by customer."
        },
        {
          "lang": "en",
          "time": "2023-08-22T00:00:00.000Z",
          "value": "Fix made available."
        },
        {
          "lang": "en",
          "time": "2023-09-01T00:00:00.000Z",
          "value": "Security bulletin published."
        }
      ],
      "title": "Authentication bypass in OpenText (Micro Focus) Enterprise Server",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Contact OpenText Support for workaround details.\u003cbr\u003e"
            }
          ],
          "value": "Contact OpenText Support for workaround details.\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2023-4501",
    "datePublished": "2023-09-12T18:05:56.684Z",
    "dateReserved": "2023-08-23T18:01:40.973Z",
    "dateUpdated": "2024-09-26T14:08:41.901Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2959 (GCVE-0-2023-2959)

Vulnerability from cvelistv5 – Published: 2023-07-17 13:25 – Updated: 2026-05-22 08:46
VLAI
Title
Authentication Bypass by Primary Weakness in Oliva Expertise
Summary
Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
Vendor Product Version
Oliva Expertise Oliva Expertise EKS Affected: 0 , < 1.2 (custom)
Create a notification for this product.
Date Public
2023-07-17 13:30
Credits
Gokhan UYGAN
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:41:03.963Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.usom.gov.tr/bildirim/tr-23-0409"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2959",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T14:50:31.230394Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T14:50:44.022Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Oliva Expertise EKS",
          "vendor": "Oliva Expertise",
          "versions": [
            {
              "lessThan": "1.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Gokhan UYGAN"
        }
      ],
      "datePublic": "2023-07-17T13:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users.\u003cp\u003eThis issue affects Oliva Expertise EKS: before 1.2.\u003c/p\u003e"
            }
          ],
          "value": "Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users.\n\nThis issue affects Oliva Expertise EKS: before 1.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-569",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-569 Collect Data as Provided by Users"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T08:46:53.771Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource",
            "broken-link"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-23-0409"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0409"
        }
      ],
      "source": {
        "advisory": "TR-23-0409",
        "defect": [
          "TR-23-0409"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Authentication Bypass by Primary Weakness in Oliva Expertise",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2023-2959",
    "datePublished": "2023-07-17T13:25:14.769Z",
    "dateReserved": "2023-05-29T12:27:05.534Z",
    "dateUpdated": "2026-05-22T08:46:53.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-1833 (GCVE-0-2023-1833)

Vulnerability from cvelistv5 – Published: 2023-04-14 13:45 – Updated: 2026-05-22 11:53
VLAI
Title
Authentication Bypass in Redline Router
Summary
Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router: before 7.17.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
Vendor Product Version
DTS Electronics Redline Router Affected: 0 , < 7.17 (custom)
Create a notification for this product.
Date Public
2023-04-14 13:42
Credits
Alican OZDEMIR
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:05:26.023Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.usom.gov.tr/bildirim/tr-23-0227"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1833",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T19:33:45.498507Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T19:34:05.226Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Redline Router",
          "vendor": "DTS Electronics",
          "versions": [
            {
              "lessThan": "7.17",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Alican OZDEMIR"
        }
      ],
      "datePublic": "2023-04-14T13:42:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.\u003cp\u003eThis issue affects Redline Router: before 7.17.\u003c/p\u003e"
            }
          ],
          "value": "Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.\n\nThis issue affects Redline Router: before 7.17."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T11:53:30.362Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource",
            "broken-link"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-23-0227"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0227"
        }
      ],
      "source": {
        "advisory": "TR-23-0227",
        "defect": [
          "TR-23-0227"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Authentication Bypass in Redline Router",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2023-1833",
    "datePublished": "2023-04-14T13:45:17.129Z",
    "dateReserved": "2023-04-04T12:51:03.543Z",
    "dateUpdated": "2026-05-22T11:53:30.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-1307 (GCVE-0-2023-1307)

Vulnerability from cvelistv5 – Published: 2023-03-10 00:00 – Updated: 2025-02-28 17:06
VLAI
Title
Authentication Bypass by Primary Weakness in froxlor/froxlor
Summary
Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
froxlor froxlor/froxlor Affected: unspecified , < 2.0.13 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:40:59.799Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1307",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T17:05:24.223544Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T17:06:06.135Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "froxlor/froxlor",
          "vendor": "froxlor",
          "versions": [
            {
              "lessThan": "2.0.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-10T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/5fe85af4-a667-41a9-a00d-f99e07c5e2f1"
        },
        {
          "url": "https://github.com/froxlor/froxlor/commit/6777fbf229200f4fd566022e186548391219ab23"
        }
      ],
      "source": {
        "advisory": "5fe85af4-a667-41a9-a00d-f99e07c5e2f1",
        "discovery": "EXTERNAL"
      },
      "title": "Authentication Bypass by Primary Weakness in froxlor/froxlor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-1307",
    "datePublished": "2023-03-10T00:00:00.000Z",
    "dateReserved": "2023-03-10T00:00:00.000Z",
    "dateUpdated": "2025-02-28T17:06:06.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0777 (GCVE-0-2023-0777)

Vulnerability from cvelistv5 – Published: 2023-02-10 00:00 – Updated: 2025-03-24 16:18
VLAI
Title
Authentication Bypass by Primary Weakness in modoboa/modoboa
Summary
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
modoboa modoboa/modoboa Affected: unspecified , < 2.0.4 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:24:33.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/a17e7a9f-0fee-4130-a522-5a0466fc17c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/modoboa/modoboa/commit/47d17ac6643f870719691073956a26e4be0a4806"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171744/modoboa-2.0.4-Admin-Takeover.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0777",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-24T16:18:05.048501Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-24T16:18:28.474Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "modoboa/modoboa",
          "vendor": "modoboa",
          "versions": [
            {
              "lessThan": "2.0.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-06T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/a17e7a9f-0fee-4130-a522-5a0466fc17c7"
        },
        {
          "url": "https://github.com/modoboa/modoboa/commit/47d17ac6643f870719691073956a26e4be0a4806"
        },
        {
          "url": "http://packetstormsecurity.com/files/171744/modoboa-2.0.4-Admin-Takeover.html"
        }
      ],
      "source": {
        "advisory": "a17e7a9f-0fee-4130-a522-5a0466fc17c7",
        "discovery": "EXTERNAL"
      },
      "title": "Authentication Bypass by Primary Weakness in modoboa/modoboa"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-0777",
    "datePublished": "2023-02-10T00:00:00.000Z",
    "dateReserved": "2023-02-10T00:00:00.000Z",
    "dateUpdated": "2025-03-24T16:18:28.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-48470 (GCVE-0-2022-48470)

Vulnerability from cvelistv5 – Published: 2024-12-28 06:53 – Updated: 2024-12-28 16:20
VLAI
Summary
Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-42291) This vulnerability has been assigned a (CVE)ID:CVE-2022-48470
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
Huawei HarmonyOS AILife Solution 6.0 Affected: HiLink AI Life 12.0.2.305
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48470",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-28T16:20:00.566324Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-28T16:20:26.737Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HarmonyOS AILife Solution 6.0",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "HiLink AI Life 12.0.2.305"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eHuawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-42291)\u003c/p\u003e\u003cp\u003eThis vulnerability has been assigned a (CVE)ID:CVE-2022-48470\u003c/p\u003e"
            }
          ],
          "value": "Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-42291)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2022-48470"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-28T06:53:40.310Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "url": "https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-iabvihhalp-ea34d670-en"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2022-48470",
    "datePublished": "2024-12-28T06:53:40.310Z",
    "dateReserved": "2023-04-18T09:01:52.850Z",
    "dateUpdated": "2024-12-28T16:20:26.737Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-40723 (GCVE-0-2022-40723)

Vulnerability from cvelistv5 – Published: 2023-04-25 00:00 – Updated: 2025-02-04 14:48
VLAI
Title
Configuration-based MFA Bypass in PingID RADIUS PCV.
Summary
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
Ping Identity PingID Radius PCV Affected: 2.10.0
Affected: 3.0.0 , < 3.0.0* (custom)
Affected: 3.0.2 , ≤ 3.0.2 (custom)
Create a notification for this product.
Ping Identity PingID Integration Kit (includes Radius PCV) Affected: 2.24 , < 2.24 (custom)
Create a notification for this product.
Ping Identity PingFederate (includes Radius PCV) Affected: 11.1.0 , < 11.1.0* (custom)
Affected: 11.1.5 , ≤ 11.1.5 (custom)
Affected: 11.2.0 , < 11.2.0* (custom)
Affected: 11.2.2 , ≤ 11.2.2 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:21:46.787Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_19_rn"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-40723",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T14:48:50.451839Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-04T14:48:54.313Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PingID Radius PCV",
          "vendor": "Ping Identity",
          "versions": [
            {
              "status": "affected",
              "version": "2.10.0"
            },
            {
              "lessThan": "3.0.0*",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.0.2",
              "status": "affected",
              "version": "3.0.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PingID Integration Kit (includes Radius PCV)",
          "vendor": "Ping Identity",
          "versions": [
            {
              "lessThan": "2.24",
              "status": "affected",
              "version": "2.24",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PingFederate (includes Radius PCV)",
          "vendor": "Ping Identity",
          "versions": [
            {
              "lessThan": "11.1.0*",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "11.1.5",
              "status": "affected",
              "version": "11.1.5",
              "versionType": "custom"
            },
            {
              "lessThan": "11.2.0*",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "11.2.2",
              "status": "affected",
              "version": "11.2.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:H/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-25T00:00:00.000Z",
        "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "shortName": "Ping Identity"
      },
      "references": [
        {
          "url": "https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_19_rn"
        }
      ],
      "source": {
        "advisory": "SECADV035",
        "defect": [
          "PIM-3774"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Configuration-based MFA Bypass in PingID RADIUS PCV."
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
    "assignerShortName": "Ping Identity",
    "cveId": "CVE-2022-40723",
    "datePublished": "2023-04-25T00:00:00.000Z",
    "dateReserved": "2022-09-14T00:00:00.000Z",
    "dateUpdated": "2025-02-04T14:48:54.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39245 (GCVE-0-2022-39245)

Vulnerability from cvelistv5 – Published: 2022-09-26 13:55 – Updated: 2025-04-23 16:55
VLAI
Title
Mist vulnerable to user providing a Sudo binary for authentication checks
Summary
Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
  • CWE-287 - Improper Authentication
Assigner
Impacted products
Vendor Product Version
makedeb mist Affected: < 0.9.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:43.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/makedeb/mist/security/advisories/GHSA-pxg4-7c7r-2ww6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/makedeb/mist/commit/e257561a32cffe3c541b265097959adaea3d6b67"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/makedeb/mist/releases/tag/v0.9.5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39245",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:48:51.202048Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:55:29.110Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mist",
          "vendor": "makedeb",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.9.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user\u0027s system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-26T13:55:10.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/makedeb/mist/security/advisories/GHSA-pxg4-7c7r-2ww6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/makedeb/mist/commit/e257561a32cffe3c541b265097959adaea3d6b67"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/makedeb/mist/releases/tag/v0.9.5"
        }
      ],
      "source": {
        "advisory": "GHSA-pxg4-7c7r-2ww6",
        "discovery": "UNKNOWN"
      },
      "title": "Mist vulnerable to user providing a Sudo binary for authentication checks",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-39245",
          "STATE": "PUBLIC",
          "TITLE": "Mist vulnerable to user providing a Sudo binary for authentication checks"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mist",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 0.9.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "makedeb"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user\u0027s system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-305: Authentication Bypass by Primary Weakness"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287: Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/makedeb/mist/security/advisories/GHSA-pxg4-7c7r-2ww6",
              "refsource": "CONFIRM",
              "url": "https://github.com/makedeb/mist/security/advisories/GHSA-pxg4-7c7r-2ww6"
            },
            {
              "name": "https://github.com/makedeb/mist/commit/e257561a32cffe3c541b265097959adaea3d6b67",
              "refsource": "MISC",
              "url": "https://github.com/makedeb/mist/commit/e257561a32cffe3c541b265097959adaea3d6b67"
            },
            {
              "name": "https://github.com/makedeb/mist/releases/tag/v0.9.5",
              "refsource": "MISC",
              "url": "https://github.com/makedeb/mist/releases/tag/v0.9.5"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-pxg4-7c7r-2ww6",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39245",
    "datePublished": "2022-09-26T13:55:10.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:55:29.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.