CVE-2021-27913

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-27913
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27913.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-27913
Aliases
Published
2021-08-30T16:15:07Z
Modified
2024-05-13T21:56:42Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Summary
[none]
Details

The function mt_rand is used to generate session tokens. This function is not cryptographically secure because its output is only pseudorandom. An attacker can take advantage of this to enumerate session tokens for accounts that are not under their control. This issue affects Mautic versions prior to 3.3.4; versions prior to 4.0.0.
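
The weak pattern named in the details, shown next to a CSPRNG-based replacement, as an added PHP example. It is not Mautic's code or its fix; the function names, alphabet and token lengths are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; all function names here are hypothetical.

// Weak pattern: mt_rand() is a Mersenne Twister PRNG. Every output is
// determined by its internal state, so tokens built from it are not secret.
function weakSessionToken(int $length = 32): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[mt_rand(0, strlen($alphabet) - 1)];
    }
    return $token;
}

// Hardened pattern: random_bytes() draws from the operating system CSPRNG
// and throws when no secure source is available instead of degrading.
function strongSessionToken(int $bytes = 32): string
{
    if ($bytes < 16) {
        throw new InvalidArgumentException('Use at least 128 bits of entropy');
    }
    return bin2hex(random_bytes($bytes));
}

// Compare a presented token with the stored one in constant time.
function tokenMatches(string $stored, string $presented): bool
{
    return hash_equals($stored, $presented);
}

// Determinism check: reseeding with the same (constructed) value makes
// the weak generator replay the same token.
mt_srand(1234);
$first = weakSessionToken();
mt_srand(1234);
$second = weakSessionToken();
var_dump($first === $second);

// The CSPRNG-backed tokens are drawn independently on each call.
$a = strongSessionToken();
$b = strongSessionToken();
var_dump(strlen($a), $a !== $b);
var_dump(tokenMatches($a, $a), tokenMatches($a, $b));
```

When auditing a PHP code base for the same class of issue, calls to mt_rand, rand, uniqid and lcg_value in code that produces session, reset or API tokens are the ones to review.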

References

Affected packages

Git / github.com/mautic/mautic

Affected ranges

Type
GIT
Repo
https://github.com/mautic/mautic
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed