← Back

CVE-2024-41800

nvd nist
Published: Jul 25, 2024Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.6 / Impact: 5.9
Source: NVD

Description

Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3.

Affected (13)

Products: Craftcms: Craft Cms
Craftcms
1 product
Craft Cms
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Craftcms
Craft Cms
From 5.0.1 to 5.2.3
Craft Cms
Version 5.0.0 beta10
Craft Cms
Version 5.0.0 beta11
Craft Cms
Version 5.0.0 beta1
Craft Cms
Version 5.0.0 beta2
Craft Cms
Version 5.0.0 beta3
Craft Cms
Version 5.0.0 beta4
Craft Cms
Version 5.0.0 beta5
Craft Cms
Version 5.0.0 beta6
Craft Cms
Version 5.0.0 beta7
Craft Cms
Version 5.0.0 beta8
Craft Cms
Version 5.0.0 beta9
Craft Cms
Version 5.0.0 rc1

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (8)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Release Notes
Source: security-advisories@github.com
Vendor Advisory
Source: security-advisories@github.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.