CVE-2021-27913
LOW 3.5
Description
The function mt_rand is used to generate session tokens. This function is not cryptographically secure because its output is only pseudorandom, and an attacker can take advantage of this to enumerate session tokens for accounts that are not under his/her control. This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0.
CVE details
CVSS v3.1 score: 3.5
Severity: LOW
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: REQUIRED
Published: 8/30/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
acquia:mautic
Weaknesses (CWE)
CWE-327, CWE-338
References
https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3 (security@mautic.org)
https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.