Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
In eLabFTW, if administrators can create users, users can too
Vulnerability Description
eLabFTW is an open source electronic lab notebook for research labs. In an eLabFTW system, one can configure who is allowed to create new user accounts. A vulnerability has been found starting in version 4.4.0 and prior to version 5.0.0 that allows regular users to create new, validated accounts in their team. If the system has anonymous access enabled (disabled by default) an unauthenticated user can create regular users in any team. This vulnerability has been fixed since version 5.0.0, released on February 17th 2024. Some workarounds are available. Disabling both options that allow *administrators* to create users will provide a mitigation. Additionally, disabling anonymous user access will stop anonymous access (including using existing access keys).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
特权授予不正确
Vulnerability Title
eLabFTW 安全漏洞
Vulnerability Description
eLabFTW是eLabFTW开源的一套开源的实验数据托管平台。该平台运行于Linux系统中,并支持存储多种对象。 eLabFTW 5.0.0之前版本存在安全漏洞,该漏洞源于在默认情况下允许管理员创建新用户,可能导致任何团队成员在他们所在的团队中创建新用户,而新用户会自动验证且不会通知管理员,可能会被用来在系统中保持持久性。并且还允许用户以不同名称创建单独的账户,并产生误导性的修订历史。
CVSS Information
N/A
Vulnerability Type
N/A