CVE-2022-31178 – Improper Authorization in eLabFTW
https://notcve.org/view.php?id=CVE-2022-31178
eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this issue. eLabFTW es un gestor de cuadernos de laboratorio electrónicos para equipos de investigación. • https://github.com/elabftw/elabftw/security/advisories/GHSA-63qq-hw97-8q7x • CWE-863: Incorrect Authorization •
CVE-2022-31007 – Privilege escalation from administrator in eLabFTW
https://notcve.org/view.php?id=CVE-2022-31007
eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A system administrator account can manage all accounts, teams and edit system-wide settings within the application. • https://github.com/gregscharf/CVE-2022-31007-Python-POC https://github.com/elabftw/elabftw/releases/tag/4.3.0 https://github.com/elabftw/elabftw/security/advisories/GHSA-937c-m7p3-775v • CWE-842: Placement of User into Incorrect Group CWE-1287: Improper Validation of Specified Type of Input •
CVE-2021-43834 – Incorrect Authentication in elabftw
https://notcve.org/view.php?id=CVE-2021-43834
eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the (default) local password mechanism. Users should upgrade to at least version 4.2.0. eLabFTW es un administrador de cuadernos de laboratorio electrónicos para equipos de investigación. En versiones anteriores a 4.2.0, se presenta una vulnerabilidad que permite a un atacante autenticarse como un usuario existente, si ese usuario fue creado usando una opción de autenticación de inicio de sesión único como LDAP o SAML. • https://github.com/elabftw/elabftw/releases/tag/4.2.0 https://github.com/elabftw/elabftw/security/advisories/GHSA-98rp-gx76-33ph • CWE-287: Improper Authentication •
CVE-2021-43833 – Account takeover in eLabFTW
https://notcve.org/view.php?id=CVE-2021-43833
eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows any authenticated user to gain access to arbitrary accounts by setting a specially crafted email address. This vulnerability impacts all instances that have not set an explicit email domain name allowlist. Note that whereas neither administrators nor targeted users are notified of a change, an attacker will need to control an account. The default settings require administrators to validate newly created accounts. • https://github.com/elabftw/elabftw/releases/tag/4.2.0 https://github.com/elabftw/elabftw/security/advisories/GHSA-v659-q2fh-v99w • CWE-287: Improper Authentication •
CVE-2021-41171 – Bypass bruteforce protection on login form in elabftw
https://notcve.org/view.php?id=CVE-2021-41171
eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing brute force login protection, as recommended by Owasp with Device Cookies. This mechanism will not impact users and will effectively thwart any brute-force attempts at guessing passwords. The only correct way to address this is to upgrade to version 4.1.0. • https://github.com/elabftw/elabftw/commit/8e92afeec4c3a68dc88333881b7e6307f425706b https://github.com/elabftw/elabftw/releases/tag/4.1.0 https://github.com/elabftw/elabftw/security/advisories/GHSA-q67h-5pc3-g6jv https://owasp.org/www-community/Slow_Down_Online_Guessing_Attacks_with_Device_Cookies https://www.exploit-db.com/docs/50436 • CWE-307: Improper Restriction of Excessive Authentication Attempts •