CVE-2023-35154

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-35154
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35154.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-35154
Aliases
  • GHSA-48hp-jvv8-cf62
Published
2023-06-23T21:15:09Z
Modified
2024-05-29T20:52:01Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8.

References

Affected packages

Git / github.com/knowagelabs/knowage-server

Affected ranges

Type
GIT
Repo
https://github.com/knowagelabs/knowage-server
Events