CVE-2024-52586
- Source
- https://cve.org/CVERecord?id=CVE-2024-52586
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52586.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-52586
- Aliases
-
- GHSA-pvxr-39g3-m28c
- Published
- 2024-12-09T18:38:42.856Z
- Modified
- 2026-04-10T05:12:21.868181Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- eLabFTW MFA bypass
- Details
-
eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally (by knowing or guessing the password of a user) can thus log in regardless of MFA requirements. This does not affect MFA that are performed by single sign-on services. Users are advised to upgrade to at least version 5.1.9 to receive a fix.
- Database specific
{ "cwe_ids": [ "CWE-288", "CWE-303" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52586.json", "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/elabftw/elabftw
Affected versions
4.*
4.6.0
4.6.1
4.7.0
4.8.0
4.8.0-alpha
4.8.0-beta
4.8.1
4.8.2
4.8.3
4.9.0
4.9.0-alpha
4.9.0-beta
4.9.0-beta2
5.*
5.0.0
5.0.0-alpha
5.0.0-alpha2
5.0.0-alpha3
5.0.0-alpha4
5.0.0-beta
5.0.0-beta2
5.0.0-beta3
5.1.0
5.1.0-alpha
5.1.0-alpha2
5.1.0-alpha3
5.1.0-alpha4
5.1.0-beta
5.1.0-beta2
5.1.0-beta3
5.1.0-beta4
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.1.8