HIGH🇬🇧 English

CVE-2024-45408

CVSS 7.5v3.1pub. 2024-10-01upd. 2025-02-28

eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyone. Users are advised to upgrade to at least version 5.1.0. System administrators can disable anonymous access in the System configuration panel.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Elabftw

    APP
    Elabftw
    4.4.0 – 5.1.0 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-43834CRITICAL9.1ten sam produkt

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulner...

CVE-2025-25206HIGH8.3ten sam produkt

eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect inp...

CVE-2024-25632HIGH8.6ten sam produkt

eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrat...

CVE-2024-28100HIGH8.9ten sam produkt

eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a r...

CVE-2021-43833HIGH8.1ten sam produkt

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulner...