PT-2022-20590 · Elabftw · Elabftw

Xskullboyx

Published

2022-08-01

Updated

2022-08-06

CVE-2022-31178

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions eLabFTW versions prior to 4.3.4

Description A vulnerability was discovered in eLabFTW, an electronic lab notebook manager for research teams, which allows a logged-in user to read a template without being authorized to do so.

Recommendations For versions prior to 4.3.4, upgrade to version 4.3.4 to resolve the issue.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2022-31178

GHSA-63QQ-HW97-8Q7X

Affected Products

Elabftw

PT-2022-20590 · Elabftw · Elabftw

CVE-2022-31178

Weakness Enumeration

Related Identifiers

Affected Products

References · 6