Common Weakness Enumeration

CWE-305

Allowed

Authentication Bypass by Primary Weakness

Abstraction: Base · Status: Draft

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

281 vulnerabilities reference this CWE, most recent first.

CVE-2024-12802 (GCVE-0-2024-12802)

Vulnerability from cvelistv5 – Published: 2025-01-09 09:08 – Updated: 2026-05-22 03:55
VLAI
Summary
SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
Vendor Product Version
SonicWall SonicOS Affected: 6.5.4.4-44v-21-2457 and older versions
Affected: 6.5.4.15-117n and older versions
Affected: 7.0.1-5161 and older versions
Affected: 7.1.1-7058 and older versions
Affected: 7.1.2-7019
Affected: 8.0.0-8035
Create a notification for this product.
Date Public
2025-01-08 07:16
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-12802",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-21T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-22T03:55:48.198Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Gen6 NSv",
            "Gen6 Hardware",
            "Gen7 Hardware",
            "Gen7 NSv",
            "TZ80"
          ],
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.4.4-44v-21-2457 and older versions"
            },
            {
              "status": "affected",
              "version": "6.5.4.15-117n and older versions"
            },
            {
              "status": "affected",
              "version": "7.0.1-5161 and older versions"
            },
            {
              "status": "affected",
              "version": "7.1.1-7058 and older versions"
            },
            {
              "status": "affected",
              "version": "7.1.2-7019"
            },
            {
              "status": "affected",
              "version": "8.0.0-8035"
            }
          ]
        }
      ],
      "datePublic": "2025-01-08T07:16:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name.\u003c/span\u003e"
            }
          ],
          "value": "SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T09:08:26.012Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001"
        }
      ],
      "source": {
        "advisory": "SNWLID-2025-0001",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2024-12802",
    "datePublished": "2025-01-09T09:08:26.012Z",
    "dateReserved": "2024-12-19T16:22:43.405Z",
    "dateUpdated": "2026-05-22T03:55:48.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-12776 (GCVE-0-2024-12776)

Vulnerability from cvelistv5 – Published: 2025-03-20 10:10 – Updated: 2025-03-20 18:18
VLAI
Title
Authentication Bypass in langgenius/dify
Summary
In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
langgenius langgenius/dify Affected: unspecified , ≤ latest (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12776",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T17:49:31.689192Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T18:18:01.777Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "langgenius/dify",
          "vendor": "langgenius",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-20T10:10:42.717Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/00a8b403-7da5-431e-afa3-40339cf734bf"
        }
      ],
      "source": {
        "advisory": "00a8b403-7da5-431e-afa3-40339cf734bf",
        "discovery": "EXTERNAL"
      },
      "title": "Authentication Bypass in langgenius/dify"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-12776",
    "datePublished": "2025-03-20T10:10:42.717Z",
    "dateReserved": "2024-12-18T22:10:57.059Z",
    "dateUpdated": "2025-03-20T18:18:01.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12582 (GCVE-0-2024-12582)

Vulnerability from cvelistv5 – Published: 2024-12-24 03:31 – Updated: 2026-06-18 08:31
VLAI
Title
Skupper: skupper-cli: flawed authentication method may lead to arbitrary file read or denial of service
Summary
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the "admin" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
Affected: 0 , < 1.8.3 (semver)
Red Hat Service Interconnect 1 for RHEL 9 Unaffected: 1.8.3-1 , < * (rpm)
    cpe:/a:redhat:service_interconnect:1::el9
Create a notification for this product.
Red Hat Service Interconnect 1 for RHEL 9 Unaffected: 2.7.3-1 , < * (rpm)
    cpe:/a:redhat:service_interconnect:1::el9
Create a notification for this product.
Red Hat Red Hat Service Interconnect 1     cpe:/a:redhat:service_interconnect:1
Create a notification for this product.
Date Public
2024-12-20 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12582",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T18:13:55.863080Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-16T18:13:59.508Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/skupperproject/skupper/",
          "defaultStatus": "unaffected",
          "packageName": "skupper",
          "versions": [
            {
              "lessThan": "1.8.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-config-sync-rhel9",
          "product": "Service Interconnect 1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.8.3-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-controller-podman-container-rhel9",
          "product": "Service Interconnect 1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.8.3-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-controller-podman-rhel9",
          "product": "Service Interconnect 1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.8.3-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-flow-collector-rhel9",
          "product": "Service Interconnect 1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.8.3-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-operator-bundle",
          "product": "Service Interconnect 1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.8.3-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-router-rhel9",
          "product": "Service Interconnect 1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.7.3-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-service-controller-rhel9",
          "product": "Service Interconnect 1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.8.3-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-site-controller-rhel9",
          "product": "Service Interconnect 1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.8.3-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "skupper-cli",
          "product": "Red Hat Service Interconnect 1",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-12-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the skupper console,  a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the \"admin\" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-18T08:31:49.281Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:1413",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:1413"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-12582"
        },
        {
          "name": "RHBZ#2333540",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333540"
        },
        {
          "url": "https://github.com/skupperproject/skupper/pull/1833"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-20T17:33:05.858Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-12-20T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Skupper: skupper-cli: flawed authentication method may lead to arbitrary file read or denial of service",
      "workarounds": [
        {
          "lang": "en",
          "value": "For users running skupper on Red Hat OpenShift, the OpenShift authentication should be used. Otherwise, use \"unsecured\" where authentication is not a primary concern."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-12582",
    "datePublished": "2024-12-24T03:31:24.896Z",
    "dateReserved": "2024-12-12T17:10:04.729Z",
    "dateUpdated": "2026-06-18T08:31:49.281Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-12054 (GCVE-0-2024-12054)

Vulnerability from cvelistv5 – Published: 2025-02-13 22:08 – Updated: 2025-02-14 15:58
VLAI
Title
ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness
Summary
ZF Roll Stability Support Plus (RSSPlus) is vulnerable to an authentication bypass vulnerability targeting deterministic RSSPlus SecurityAccess service seeds, which may allow an attacker to remotely (proximal/adjacent with RF equipment or via pivot from J2497 telematics devices) call diagnostic functions intended for workshop or repair scenarios. This can impact system availability, potentially degrading performance or erasing software, however the vehicle remains in a safe vehicle state.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
ZF RSSPlus 2M Affected: 01/08 , < 01/23 (custom)
Create a notification for this product.
Credits
National Motor Freight Traffic Association, Inc. (NMFTA) researchers Ben Gardiner and Anne Zachos reported this vulnerability to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12054",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T15:58:36.827378Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T15:58:47.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "RSSPlus 2M",
          "vendor": "ZF",
          "versions": [
            {
              "lessThan": "01/23",
              "status": "affected",
              "version": "01/08",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "National Motor Freight Traffic Association, Inc. (NMFTA) researchers Ben Gardiner and Anne Zachos reported this vulnerability to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "ZF Roll Stability Support Plus (RSSPlus) \nis vulnerable to an authentication bypass vulnerability targeting \ndeterministic RSSPlus SecurityAccess service seeds, which may allow an \nattacker to remotely (proximal/adjacent with RF equipment or via pivot \nfrom J2497 telematics devices) call diagnostic functions intended for \nworkshop or repair scenarios. This can impact system availability, \npotentially degrading performance or erasing software, however the \nvehicle remains in a safe vehicle state.\n\n\u003cbr\u003e"
            }
          ],
          "value": "ZF Roll Stability Support Plus (RSSPlus) \nis vulnerable to an authentication bypass vulnerability targeting \ndeterministic RSSPlus SecurityAccess service seeds, which may allow an \nattacker to remotely (proximal/adjacent with RF equipment or via pivot \nfrom J2497 telematics devices) call diagnostic functions intended for \nworkshop or repair scenarios. This can impact system availability, \npotentially degrading performance or erasing software, however the \nvehicle remains in a safe vehicle state."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "ADJACENT",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-13T22:08:03.541Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-03"
        },
        {
          "url": "https://nmfta.org/wp-content/media/2022/11/Actionable_Mitigations_Options_v9_DIST.pdf"
        }
      ],
      "source": {
        "advisory": "ICSA-25-021-03",
        "discovery": "EXTERNAL"
      },
      "title": "ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To most effectively mitigate general vulnerabilities of the powerline \ncommunication, any trucks, trailers, and tractors utilizing J2497 \ntechnology should disable all features where possible, except for \nbackwards-compatibility with LAMP ON detection only. Users acquiring new\n trailer equipment should migrate all diagnostics to newer trailer bus \ntechnology. Users acquiring new tractor equipment should remove support \nfor reception of any J2497 message other than LAMP messages.\n\n\u003cbr\u003e"
            }
          ],
          "value": "To most effectively mitigate general vulnerabilities of the powerline \ncommunication, any trucks, trailers, and tractors utilizing J2497 \ntechnology should disable all features where possible, except for \nbackwards-compatibility with LAMP ON detection only. Users acquiring new\n trailer equipment should migrate all diagnostics to newer trailer bus \ntechnology. Users acquiring new tractor equipment should remove support \nfor reception of any J2497 message other than LAMP messages."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eZF recommends:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMoving away from security access and implementing the latest security feature authenticate (0x29).\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eEnsure random numbers are generated from a cryptographically secure hardware true random number generator.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eAdopting modern standards/protocols for truck trailer communication.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "ZF recommends:\n\n\n\n  *  Moving away from security access and implementing the latest security feature authenticate (0x29).\u00a0 \n\n\n  *  Ensure random numbers are generated from a cryptographically secure hardware true random number generator.\u00a0 \n\n\n  *  Adopting modern standards/protocols for truck trailer communication."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eNMFTA has published detailed information about how to mitigate these issues in the following ways:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInstall a LAMP ON firewall for each ECU.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eUse a LAMP detect circuit LAMP ON sender with each trailer.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eChange addresses dynamically on each tractor in response to detecting a transmitter on its current address.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eInstall RF chokes on each trailer between chassis ground and wiring ground.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eLoad with LAMP keyhole signal on each tractor.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003cli\u003eFlood with jamming signal on each tractor.\u0026nbsp; \u003cbr\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease visit \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://nmfta.org/wp-content/media/2022/11/Actionable_Mitigations_Options_v9_DIST.pdf\"\u003eNMFTA\u003c/a\u003e\u003c/p\u003e for additional details on these and other solutions.\n\n\u003cbr\u003e"
            }
          ],
          "value": "NMFTA has published detailed information about how to mitigate these issues in the following ways:\n\n\n\n  *  Install a LAMP ON firewall for each ECU.\u00a0 \n\n\n  *  Use a LAMP detect circuit LAMP ON sender with each trailer.\u00a0 \n\n\n  *  Change addresses dynamically on each tractor in response to detecting a transmitter on its current address.\u00a0 \n\n\n  *  Install RF chokes on each trailer between chassis ground and wiring ground.\u00a0 \n\n\n  *  Load with LAMP keyhole signal on each tractor.\u00a0 \n\n\n  *  Flood with jamming signal on each tractor.\u00a0 \n\n\n\n\n\nPlease visit  NMFTA https://nmfta.org/wp-content/media/2022/11/Actionable_Mitigations_Options_v9_DIST.pdf \n\n for additional details on these and other solutions."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-12054",
    "datePublished": "2025-02-13T22:08:03.541Z",
    "dateReserved": "2024-12-02T19:56:35.074Z",
    "dateUpdated": "2025-02-14T15:58:47.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10394 (GCVE-0-2024-10394)

Vulnerability from cvelistv5 – Published: 2024-11-14 19:07 – Updated: 2025-12-23 15:22
VLAI
Title
Theft of credentials in Unix client PAGs
Summary
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
The OpenAFS Foundation OpenAFS Affected: 1.0 , < 1.6.24 (semver)
Affected: 1.8.0 , < 1.8.12.2 (semver)
Affected: 1.9.0 , < 1.9.1 (semver)
Create a notification for this product.
Date Public
2024-11-12 03:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10394",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T15:59:42.509613Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T16:11:52.222Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:29:07.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/openafs/openafs/",
          "defaultStatus": "unaffected",
          "packageName": "openafs",
          "product": "OpenAFS",
          "vendor": "The OpenAFS Foundation",
          "versions": [
            {
              "lessThan": "1.6.24",
              "status": "affected",
              "version": "1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.8.12.2",
              "status": "affected",
              "version": "1.8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.9.1",
              "status": "affected",
              "version": "1.9.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T03:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal\u0026nbsp;the credentials in that PAG."
            }
          ],
          "value": "A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal\u00a0the credentials in that PAG."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T15:22:39.503Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2024-001.txt"
        },
        {
          "url": "https://www.openafs.org/security"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Theft of credentials in Unix client PAGs",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2024-10394",
    "datePublished": "2024-11-14T19:07:50.492Z",
    "dateReserved": "2024-10-25T18:51:34.290Z",
    "dateUpdated": "2025-12-23T15:22:39.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-10082 (GCVE-0-2024-10082)

Vulnerability from cvelistv5 – Published: 2024-11-06 14:34 – Updated: 2024-11-06 14:59 X_Open Source
VLAI
Summary
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot be disabled, and has universal access.This vulnerability allows an attacker who can create an account on an enabled external authentication service, to log in as the root user, and access and control everything that can be controlled via the web interface. The attacker needs to acquire the username of the root user to be successful. This issue affects CodeChecker: through 6.24.1.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
Vendor Product Version
Ericsson CodeChecker Affected: 0 , ≤ 6.24.1 (python)
Create a notification for this product.
ericsson codechecker Affected: 0 , ≤ 6.24.1 (custom)
    cpe:2.3:a:ericsson:codechecker:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ericsson:codechecker:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "codechecker",
            "vendor": "ericsson",
            "versions": [
              {
                "lessThanOrEqual": "6.24.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10082",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-06T14:54:02.741372Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T14:59:50.972Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CodeChecker",
          "vendor": "Ericsson",
          "versions": [
            {
              "lessThanOrEqual": "6.24.1",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \u003c/span\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAuthentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot be disabled, and has universal access.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis vulnerability allows an attacker who can create an account on an enabled external authentication service, to log in as the root user, and access and control everything that can be controlled via the web interface.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe attacker needs to acquire the username of the root user to be successful.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects CodeChecker: through 6.24.1.\u003c/p\u003e"
            }
          ],
          "value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nAuthentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot be disabled, and has universal access.This vulnerability allows an attacker who can create an account on an enabled external authentication service, to log in as the root user, and access and control everything that can be controlled via the web interface.\u00a0The attacker needs to acquire the username of the root user to be successful.\n\nThis issue affects CodeChecker: through 6.24.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-330",
              "description": "CWE-330",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-842",
              "description": "CWE-842",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-06T14:34:38.263Z",
        "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "shortName": "ERIC"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-fpm5-2wcj-vfr7"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "tags": [
        "x_open-source"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
    "assignerShortName": "ERIC",
    "cveId": "CVE-2024-10082",
    "datePublished": "2024-11-06T14:34:38.263Z",
    "dateReserved": "2024-10-17T12:36:52.749Z",
    "dateUpdated": "2024-11-06T14:59:50.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9683 (GCVE-0-2024-9683)

Vulnerability from cvelistv5 – Published: 2024-10-17 14:08 – Updated: 2025-11-07 00:44
VLAI
Title
Quay: quay allows successful authentication with trucated version of the password
Summary
A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement.  While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2024-9683 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2317559 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 3.8.14 (semver)
Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
Create a notification for this product.
Date Public
2024-10-09 00:00
Credits
Red Hat would like to thank Alexander Pryor for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9683",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T14:35:37.574201Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T14:36:13.694Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/quay/quay",
          "defaultStatus": "unknown",
          "packageName": "quay",
          "versions": [
            {
              "status": "affected",
              "version": "3.8.14",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quay:3"
          ],
          "defaultStatus": "affected",
          "packageName": "quay",
          "product": "Red Hat Quay 3",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Alexander Pryor for reporting this issue."
        }
      ],
      "datePublic": "2024-10-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement.\u00a0 While the risk is relatively low due to the typical length of the passwords used (73 characters), this vulnerability can still be exploited to reduce the complexity of brute-force or password-guessing attacks. The truncation of passwords weakens the overall authentication process, thereby reducing the effectiveness of password policies and potentially increasing the risk of unauthorized access in the future."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-07T00:44:44.742Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-9683"
        },
        {
          "name": "RHBZ#2317559",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317559"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-09T12:28:16.419Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-10-09T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Quay: quay allows successful authentication with trucated version of the password",
      "x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-9683",
    "datePublished": "2024-10-17T14:08:57.482Z",
    "dateReserved": "2024-10-09T12:30:10.219Z",
    "dateUpdated": "2025-11-07T00:44:44.742Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-8642 (GCVE-0-2024-8642)

Vulnerability from cvelistv5 – Published: 2024-09-11 13:34 – Updated: 2024-09-11 14:06
VLAI
Title
Eclipse EDC: Consumer pull transfer token validation checks not applied
Summary
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have a dataplane configured to support http proxy consumer pull AND include the module "transfer-data-plane". The affected code was marked deprecated from the version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
Impacted products
Vendor Product Version
Eclipse Foundation Eclipse EDC Connector Affected: 0.5.0 , < 0.9.0 (semver)
Create a notification for this product.
eclipse_foundation edc Affected: 0.5.0 , < 0.9.0 (custom)
    cpe:2.3:a:eclipse_foundation:edc:0.5.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eclipse_foundation:edc:0.5.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "edc",
            "vendor": "eclipse_foundation",
            "versions": [
              {
                "lessThan": "0.9.0",
                "status": "affected",
                "version": "0.5.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8642",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T14:03:51.264915Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T14:06:55.373Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2/",
          "defaultStatus": "unaffected",
          "modules": [
            "transfer-data-plane"
          ],
          "packageName": "org.eclipse.edc:transfer-data-plane",
          "product": "Eclipse EDC Connector",
          "repo": "https://github.com/eclipse-edc/Connector",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThan": "0.9.0",
              "status": "affected",
              "version": "0.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have a dataplane configured to support http proxy consumer pull AND include the module \"transfer-data-plane\". The affected code was marked deprecated from the version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed."
            }
          ],
          "value": "In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have a dataplane configured to support http proxy consumer pull AND include the module \"transfer-data-plane\". The affected code was marked deprecated from the version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/RE:L/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "CWE-303",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-11T13:34:28.463Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/234"
        },
        {
          "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/28"
        },
        {
          "url": "https://github.com/eclipse-edc/Connector/commit/04899e91dcdb4a407db4eb7af3e7b6ff9a9e9ad6"
        },
        {
          "url": "https://github.com/eclipse-edc/Connector/releases/tag/v0.9.0"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Eclipse EDC: Consumer pull transfer token validation checks not applied",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2024-8642",
    "datePublished": "2024-09-11T13:34:28.463Z",
    "dateReserved": "2024-09-10T06:20:33.205Z",
    "dateUpdated": "2024-09-11T14:06:55.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7557 (GCVE-0-2024-7557)

Vulnerability from cvelistv5 – Published: 2024-08-08 21:33 – Updated: 2026-03-19 16:43
VLAI
Title
Odh-dashboard: odh-model-controller: cross-model authentication bypass in openshift ai
Summary
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
Affected: 2.8.* (semver)
Affected: 2.11 (semver)
Unaffected: a122ad06a297f4e8b2a065eece910aa882cc3fa6 (git)
Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
Create a notification for this product.
Red Hat Red Hat OpenShift Data Science (RHODS)     cpe:/a:redhat:openshift_data_science
Create a notification for this product.
Date Public
2024-08-07 00:00
Credits
Red Hat would like to thank Adam Bellusci (RedHat) for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7557",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-09T13:52:08.137088Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-09T13:52:27.946Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/opendatahub-io/odh-dashboard",
          "defaultStatus": "unknown",
          "packageName": "odh-dashboard",
          "versions": [
            {
              "status": "affected",
              "version": "2.8.*",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "2.11",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "a122ad06a297f4e8b2a065eece910aa882cc3fa6",
              "versionType": "git"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "odh-dashboard-container",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_ai"
          ],
          "defaultStatus": "affected",
          "packageName": "odh-model-controller-container",
          "product": "Red Hat OpenShift AI (RHOAI)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_science"
          ],
          "defaultStatus": "affected",
          "packageName": "rhods/odh-dashboard-rhel8",
          "product": "Red Hat OpenShift Data Science (RHODS)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_science"
          ],
          "defaultStatus": "affected",
          "packageName": "rhods/odh-model-controller-rhel8",
          "product": "Red Hat OpenShift Data Science (RHODS)",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Adam Bellusci (RedHat) for reporting this issue."
        }
      ],
      "datePublic": "2024-08-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc --token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-19T16:43:45.729Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7557"
        },
        {
          "name": "RHBZ#2303094",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303094"
        },
        {
          "url": "https://github.com/opendatahub-io/odh-dashboard/pull/3198"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-06T10:31:41.202Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-08-07T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Odh-dashboard: odh-model-controller: cross-model authentication bypass in openshift ai",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-305: Authentication Bypass by Primary Weakness"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7557",
    "datePublished": "2024-08-08T21:33:14.505Z",
    "dateReserved": "2024-08-06T11:08:34.986Z",
    "dateUpdated": "2026-03-19T16:43:45.729Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-6637 (GCVE-0-2024-6637)

Vulnerability from cvelistv5 – Published: 2024-07-20 07:37 – Updated: 2026-04-08 16:36
VLAI
Title
WooCommerce - Social Login <= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password
Summary
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator, if they know the email of user.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
WPWeb WooCommerce - Social Login Affected: 0 , ≤ 2.7.3 (semver)
Create a notification for this product.
yithemes yith_woocommerce_social_login Affected: 0 , ≤ 2.7.3 (semver)
    cpe:2.3:a:yithemes:yith_woocommerce_social_login:*:*:*:*:*:wordpress:*:*
Create a notification for this product.
Credits
Vu Nguyen
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:yithemes:yith_woocommerce_social_login:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "yith_woocommerce_social_login",
            "vendor": "yithemes",
            "versions": [
              {
                "lessThanOrEqual": "2.7.3",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6637",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-22T14:11:16.496227Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T20:34:59.434Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:41:04.300Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10d92d5e-1c23-4f6a-bfab-0756876190a5?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WooCommerce - Social Login",
          "vendor": "WPWeb",
          "versions": [
            {
              "lessThanOrEqual": "2.7.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Vu Nguyen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator, if they know the email of user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:36:07.667Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10d92d5e-1c23-4f6a-bfab-0756876190a5?source=cve"
        },
        {
          "url": "https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-19T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WooCommerce - Social Login \u003c= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-6637",
    "datePublished": "2024-07-20T07:37:52.405Z",
    "dateReserved": "2024-07-09T21:48:55.671Z",
    "dateUpdated": "2026-04-08T16:36:07.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.