CRITICAL🇬🇧 English

CVE-2021-43834

CVSS 9.1v3.1pub. 2021-12-16upd. 2024-11-21

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the (default) local password mechanism. Users should upgrade to at least version 4.2.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Elabftw

    APP
    Elabftw
    < 4.2.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2025-25206HIGH8.3ten sam produkt

eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect inp...

CVE-2024-25632HIGH8.6ten sam produkt

eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrat...

CVE-2024-45408HIGH7.5ten sam produkt

eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been fo...

CVE-2024-28100HIGH8.9ten sam produkt

eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a r...

CVE-2021-43833HIGH8.1ten sam produkt

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulner...