PT-2018-9596 · Boinc · Boinc Server/Website Code
Juha Sointusalo
·
Published
2018-12-20
·
Updated
2025-07-08
·
CVE-2018-1000875
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
BOINC Server and Website Code versions 0.9 through 1.0.2
Description:
The issue allows for authentication bypass, potentially granting access to any user account. This can be exploited via a specially crafted URL.
Recommendations:
For versions 0.9 through 1.0.2, update to version 1.0.3 to resolve the issue.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Boinc Server/Website Code