2024-06-06 12:03:52 +00:00
{
"id" : "CVE-2024-5658" ,
"sourceIdentifier" : "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a" ,
"published" : "2024-06-06T11:15:49.573" ,
2024-06-06 16:03:37 +00:00
"lastModified" : "2024-06-06T14:17:35.017" ,
2024-06-09 02:03:11 +00:00
"vulnStatus" : "Undergoing Analysis" ,
2024-06-06 12:03:52 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period."
2024-06-06 16:03:37 +00:00
} ,
{
"lang" : "es" ,
"value" : "El complemento CraftCMS Autenticaci\u00f3n de dos factores hasta 3.3.3 permite la reutilizaci\u00f3n de tokens TOTP varias veces dentro del per\u00edodo de validez."
2024-06-06 12:03:52 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "HIGH" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 4.8 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 1.2 ,
"impactScore" : 3.6
}
]
} ,
"weaknesses" : [
{
"source" : "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-287"
}
]
}
] ,
"references" : [
{
"url" : "https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4" ,
"source" : "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a"
} ,
{
"url" : "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use" ,
"source" : "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a"
} ,
{
"url" : "https://plugins.craftcms.com/two-factor-authentication?craft4" ,
"source" : "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a"
}
]
}
