Lucene search

[email protected]NVD:CVE-2023-50256

HistoryJan 03, 2024 - 11:15 p.m.

CVE-2023-50256

2024-01-0323:15:08

CWE-20

[email protected]

web.nvd.nist.gov

froxlor

server administration

open source

cve-2023-50256

mandatory fields

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

20.6%

JSON

Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.

Affected configurations

Nvd

Node

froxlorfroxlorRange<2.1.2

VendorProductVersionCPE
froxlorfroxlor*cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
froxlor	froxlor	*	cpe:2.3:a:froxlor:froxlor::::::::

References

github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac

github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4

user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

20.6%

JSON

Related for NVD:CVE-2023-50256

prion1 osv2 veracode1 cvelist1 github1 cve1