Incorrect Authentication in elabftw
CVE-2021-43834

9.1CRITICAL

Key Information:

Vendor: Elabftw
Status: Elabftw
Vendor: CVE Published:; 16 December 2021

What is CVE-2021-43834?

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the (default) local password mechanism. Users should upgrade to at least version 4.2.0.

Affected Version(s)

elabftw < 4.2.0

References

https://github.com/elabftw/elabftw/releases/tag/4.2.0

x_refsource_MISC

https://github.com/elabftw/elabftw/security/advisories/GH...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2021
Vulnerability Reserved
Nov 16, 2021

CVE-2021-43834 Data

JSON

Elabftw

What is CVE-2021-43834?

Affected Version(s)

References

CVSS V3.1

Timeline