PT-2024-31612 · Elabftw · Elabftw

Anargam · Published 2024-10-01 · Updated 2024-10-04 · CVE-2024-45408

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.1.0
Description: An incorrect permission check in eLabFTW, an open source electronic lab notebook, could allow an authenticated user to access restricted information. If anonymous access is enabled, this issue extends to anyone.
Recommendations: For versions prior to 5.1.0, upgrade to at least version 5.1.0. As a temporary workaround, system administrators can disable anonymous access in the System configuration panel.

Exploit · Fix · Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2024-45408
GHSA-2C83-6J74-W8R5

Affected Products

Elabftw