Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
2FA bypass in Wagtail through new device path
Vulnerability Description
When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
认证中关键步骤缺失
Vulnerability Title
wagtail-2fa 安全漏洞
Vulnerability Description
wagtail-2fa是一款双因素验证软件包。 wagtail-2fa 1.3.0之前版本中存在安全漏洞。攻击者可利用该漏洞登录到CMS并绕过2FA检查,进而添加新设备并获取CMS的全部访问权限。
CVSS Information
N/A
Vulnerability Type
N/A