Improper Authorization in eLabFTW
CVE-2022-31178

4.3MEDIUM

Key Information:

Vendor: Elabftw
Status: Elabftw
Vendor: CVE Published:; 1 August 2022

What is CVE-2022-31178?

eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this issue.

Affected Version(s)

elabftw < 4.3.4

References

https://github.com/elabftw/elabftw/security/advisories/GH...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2022
Vulnerability Reserved
May 18, 2022

CVE-2022-31178 Data

JSON

Elabftw

What is CVE-2022-31178?

Affected Version(s)

References

CVSS V3.1

Timeline