An Incorrect Permission Check Affects eLabFTW Users
CVE-2024-45408
7.5 HIGH
What is CVE-2024-45408?
A vulnerability caused by improper permission checks has been identified in eLabFTW, an open-source electronic lab notebook. The flaw lets authenticated users access sensitive information that should be restricted to them. If anonymous access is enabled, which is not the default setting, the exposure extends to anyone, with no authentication required. To mitigate this issue, it is highly recommended that users upgrade to version 5.1.0 or later. Additionally, system administrators should disable anonymous access through the System configuration panel to further reduce exposure.
Affected Version(s)
elabftw >= 4.4.0, < 5.1.0
