Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privilege escalation from administrator in eLabFTW
Vulnerability Description
eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A system administrator account can manage all accounts, teams and edit system-wide settings within the application. The impact is not deemed as high, as it requires the attacker to have access to an administrator account. Regular user accounts cannot exploit this to gain admin rights. A workaround for one if the issues is removing the ability of administrators to create accounts.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
CWE-842
Vulnerability Title
eLabFTW 安全漏洞
Vulnerability Description
eLabFTW是一套开源的实验数据托管平台。该平台运行于Linux系统中,并支持存储多种对象。 eLabFTW 4.3.0之前版本存在安全漏洞,该漏洞源于应用的权限设置存在问题。具有管理员角色的经过身份验证的用户利用该漏洞在应用程序中为自己分配系统管理员权限,或创建新的系统管理员帐户。
CVSS Information
N/A
Vulnerability Type
N/A