Vulnerability Description
Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mintplexlabs | Vector Admin | < 2024-01-23 |
Related Weaknesses (CWE)
References
- https://github.com/Mintplex-Labs/vector-admin/pull/128/commits/a581b8177dd6be719Patch
- https://research.jfrog.com/vulnerabilities/vector-admin-filter-bypass/PatchThird Party Advisory
- https://github.com/Mintplex-Labs/vector-admin/pull/128/commits/a581b8177dd6be719Patch
- https://research.jfrog.com/vulnerabilities/vector-admin-filter-bypass/PatchThird Party Advisory
FAQ
What is CVE-2024-0879?
CVE-2024-0879 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address.
How severe is CVE-2024-0879?
CVE-2024-0879 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-0879?
Check the references section above for vendor advisories and patch information. Affected products include: Mintplexlabs Vector Admin.