CyberSec.Space Logo
Back to CVE Browser

CVE-2021-43834

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile17.55th
PublishedDec 16, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the (default) local password mechanism. Users should upgrade to at least version 4.2.0.

Affected Platforms (CPE)

πŸ“¦
Elabftw

Elabftw

< 4.2.0

References & Advisories

πŸ”— https://github.com/elabftw/elabftw/releases/tag/4.2.0
πŸ”— https://github.com/elabftw/elabftw/security/advisories/GHSA-98rp-gx76-33ph
πŸ”— https://github.com/elabftw/elabftw/releases/tag/4.2.0
πŸ”— https://github.com/elabftw/elabftw/security/advisories/GHSA-98rp-gx76-33ph

Related Vulnerabilities

CVE-2019-121858.8

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in ...

CVE-2021-438338.1

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows...

CVE-2021-326986.8

eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on...

CVE-2021-411715.9

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attac...