1. Home
  2. CVE Database
  3. CVE-2018-1000875
CRITICAL · 9.8

CVE-2018-1000875

Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of...

Vulnerability Description

Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be exploitable via Specially crafted URL. This vulnerability appears to have been fixed in 1.0.3.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
UniversityofcaliforniaBoinc Server>= 1.0.0, < 1.0.3

References

FAQ

What is CVE-2018-1000875?

CVE-2018-1000875 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of...

How severe is CVE-2018-1000875?

CVE-2018-1000875 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-1000875?

Check the references section above for vendor advisories and patch information. Affected products include: Universityofcalifornia Boinc Server.