Vulnerability Description
Glewlwyd versions from 2.0.0 up to, but not including, 2.6.1 are affected by an incorrect access control vulnerability. One user can attempt to log in as another user without that user's password. The issue is fixed in 2.6.1.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Glewlwyd Project | Glewlwyd | >= 2.0.0, < 2.6.1 |
Related Weaknesses (CWE)
References
- https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2e (Patch, Third Party Advisory)
- https://github.com/babelouest/glewlwyd/releases/tag/v2.6.1 (Release Notes, Third Party Advisory)
FAQ
What is CVE-2021-45379?
CVE-2021-45379 is a vulnerability with a CVSS score of 8.8 (HIGH). Glewlwyd versions from 2.0.0 up to, but not including, 2.6.1 are affected by an incorrect access control vulnerability: one user can attempt to log in as another user without that user's password.
How severe is CVE-2021-45379?
CVE-2021-45379 has been rated HIGH, with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-45379?
The issue is fixed in Glewlwyd 2.6.1. Check the References section above for the patch commit, release notes, and vendor advisories. Affected products include: Glewlwyd Project Glewlwyd.