2024-12-15 03:03:56 +00:00


{
"id": "CVE-2024-11015",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-12-12T04:15:04.797",
"lastModified": "2024-12-12T04:15:04.797",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' function not implementing sufficient null value checks when setting the access token and user information. This makes it possible for unauthenticated attackers to log in as the first user who has signed in using Google OAuth, which could be the site administrator."
},
{
"lang": "es",
"value": "El complemento Sign In With Google para WordPress es vulnerable a la omisi\u00f3n de la autenticaci\u00f3n en todas las versiones hasta la 1.8.0 incluida. Esto se debe a que la funci\u00f3n de usuario 'authenticate_user' no implementa suficientes comprobaciones de valores nulos al configurar el token de acceso y la informaci\u00f3n del usuario. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como el primer usuario que haya iniciado sesi\u00f3n con Google OAuth, que podr\u00eda ser el administrador del sitio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/sign-in-with-google/trunk/src/admin/class-sign-in-with-google-admin.php#L525",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/afe894b0-5e91-4aa2-bbd1-1f74274701cf?source=cve",
"source": "security@wordfence.com"
}
]
}