CVE-2023-35154

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-35154

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35154.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-35154

Related

GHSA-48hp-jvv8-cf62

Published

2023-06-23T21:15:09Z

Modified

2024-11-21T08:08:02Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8.

References

https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-48hp-jvv8-cf62

Affected packages

Git / github.com/knowagelabs/knowage-server

Affected ranges

Type: GIT
Repo: https://github.com/knowagelabs/knowage-server
Events: Introduced

eb0a58ddc4badcbf4502ca523cf415743c023aa0

Fixed

d098e2426ba05fab5dbce0eb78c3ccca46b5912e