HIGH🇵🇱 Wersja polska

CVE-2024-25632

CVSS 8.6v3.1pub. 2024-10-01upd. 2025-08-15

eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The vulnerability allows a regular user to become administrator of a team where they are a member, under a reasonable configuration. Additionally, in eLabFTW versions subsequent to v5.0.0, the vulnerability may allow an initially unauthenticated user to gain administrative privileges over an arbitrary team. The vulnerability does not affect system administrator status. Users should upgrade to version 5.1.0. System administrators are advised to turn off local user registration, saml_team_create and not allow administrators to import users into teams, unless strictly required.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
  • Elabftw

    APP
    Elabftw
    4.6.0 – 5.1.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-43834CRITICAL9.1ten sam produkt

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulner...

CVE-2025-25206HIGH8.3ten sam produkt

eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect inp...

CVE-2024-45408HIGH7.5ten sam produkt

eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been fo...

CVE-2024-28100HIGH8.9ten sam produkt

eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a r...

CVE-2021-43833HIGH8.1ten sam produkt

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulner...