CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-43834

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile17.55th
Published2021年12月16日
Last Modified2024年11月21日

Vulnerability Description

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the (default) local password mechanism. Users should upgrade to at least version 4.2.0.

Affected Platforms (CPE)

📦
Elabftw

Elabftw

< 4.2.0

References & Advisories

🔗 https://github.com/elabftw/elabftw/releases/tag/4.2.0
🔗 https://github.com/elabftw/elabftw/security/advisories/GHSA-98rp-gx76-33ph
🔗 https://github.com/elabftw/elabftw/releases/tag/4.2.0
🔗 https://github.com/elabftw/elabftw/security/advisories/GHSA-98rp-gx76-33ph

相关漏洞威胁

CVE-2019-121858.8

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in ...

CVE-2021-438338.1

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows...

CVE-2021-326986.8

eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on...

CVE-2021-411715.9

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attac...