{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45408", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-08-28T20:21:32.804Z", "datePublished": "2024-10-01T14:53:48.085Z", "dateUpdated": "2024-10-01T15:12:46.615Z"}, "containers": {"cna": {"title": "eLabFTW contains a direct and indirect information disclosure", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/elabftw/elabftw/security/advisories/GHSA-2c83-6j74-w8r5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/elabftw/elabftw/security/advisories/GHSA-2c83-6j74-w8r5"}], "affected": [{"vendor": "elabftw", "product": "elabftw", "versions": [{"version": ">= 4.4.0, < 5.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-10-01T14:53:48.085Z"}, "descriptions": [{"lang": "en", "value": "eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyone. Users are advised to upgrade to at least version 5.1.0. System administrators can disable anonymous access in the System configuration panel."}], "source": {"advisory": "GHSA-2c83-6j74-w8r5", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "elabftw", "product": "elabftw", "cpes": ["cpe:2.3:a:elabftw:elabftw:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.4.0", "status": "affected", "lessThan": "5.1.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-01T15:10:38.923193Z", "id": "CVE-2024-45408", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-01T15:12:46.615Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45408", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-01T15:10:38.923193Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:elabftw:elabftw:*:*:*:*:*:*:*:*"], "vendor": "elabftw", "product": "elabftw", "versions": [{"status": "affected", "version": "4.4.0", "lessThan": "5.1.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-01T15:12:38.838Z"}}], "cna": {"title": "eLabFTW contains a direct and indirect information disclosure", "source": {"advisory": "GHSA-2c83-6j74-w8r5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "elabftw", "product": "elabftw", "versions": [{"status": "affected", "version": ">= 4.4.0, < 5.1.0"}]}], "references": [{"url": "https://github.com/elabftw/elabftw/security/advisories/GHSA-2c83-6j74-w8r5", "name": "https://github.com/elabftw/elabftw/security/advisories/GHSA-2c83-6j74-w8r5", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyone. Users are advised to upgrade to at least version 5.1.0. System administrators can disable anonymous access in the System configuration panel."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-10-01T14:53:48.085Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45408", "state": "PUBLISHED", "dateUpdated": "2024-10-01T15:12:46.615Z", "dateReserved": "2024-08-28T20:21:32.804Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-10-01T14:53:48.085Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyone. Users are advised to upgrade to at least version 5.1.0. System administrators can disable anonymous access in the System configuration panel."}, {"lang": "es", "value": "eLabFTW es un cuaderno de laboratorio electr\u00f3nico de c\u00f3digo abierto para laboratorios de investigaci\u00f3n. Se ha detectado una comprobaci\u00f3n de permisos incorrecta que podr\u00eda permitir que un usuario autenticado acceda a varios tipos de informaci\u00f3n que de otro modo estar\u00eda restringida. Si se permite el acceso an\u00f3nimo (algo deshabilitado de forma predeterminada), esto se extiende a cualquier persona. Se recomienda a los usuarios que actualicen al menos a la versi\u00f3n 5.1.0. Los administradores de System pueden deshabilitar el acceso an\u00f3nimo en el panel de configuraci\u00f3n de System."}], "id": "CVE-2024-45408", "lastModified": "2024-10-04T13:51:25.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-10-01T15:15:08.220", "references": [{"source": "[email protected]", "url": "https://github.com/elabftw/elabftw/security/advisories/GHSA-2c83-6j74-w8r5"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "[email protected]", "type": "Primary"}]}

{}