CVE Vulnerabilities

CVE-2023-6718

Authentication Bypass Using an Alternate Path or Channel

Published: Dec 13, 2023 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users.

Weakness

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Software

Name Vendor Start Version End Version
Repox Europeana 2.3.7 (including) 2.3.7 (including)

Potential Mitigations

References