GHSA-7qqv-r2q4-jxhm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7qqv-r2q4-jxhm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-7qqv-r2q4-jxhm/GHSA-7qqv-r2q4-jxhm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7qqv-r2q4-jxhm
- Aliases
- Published
- 2019-01-14T16:19:31Z
- Modified
- 2024-10-18T22:22:58.534148Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- privacyIDEA Improper Input Validation vulnerability
- Details
-
privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=<space>&pass= to /validate/check url. This vulnerability appears to have been fixed in 2.23.2.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-20" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:23:21Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000809
- https://github.com/privacyidea/privacyidea/issues/1227
- https://github.com/privacyidea/privacyidea/commit/a3edc09beffa2104f357fe24971ea3211ce40751
- https://github.com/advisories/GHSA-7qqv-r2q4-jxhm
- https://github.com/privacyidea/privacyidea
- https://github.com/pypa/advisory-database/tree/main/vulns/privacyidea/PYSEC-2018-20.yaml
Affected packages
PyPI / privacyidea
Package
- Name
- privacyidea
- View open source insights on deps.dev
- Purl
- pkg:pypi/privacyidea
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.23.2
Affected versions
1.*
1.0dev4
1.0dev5
1.0dev6
1.0dev7
1.0
1.1
1.2
1.2.1-dev0
1.2.1
1.2.2
1.2.3
1.3
1.3.1
1.3.2
1.3.3
1.4dev5
1.4
1.4.1
1.5
1.5.1
1.5.1.1
2.*
2.0dev1
2.0
2.0.1
2.1
2.2
2.2.1
2.3
2.3.1
2.3.2
2.4
2.5
2.6dev0
2.6dev1
2.6dev2
2.6dev4
2.6dev5
2.6
2.7dev3
2.7
2.7.1
2.8dev4
2.8dev5
2.8dev7
2.8
2.8.1
2.9dev2
2.9
2.10dev2
2.10dev4
2.10dev5
2.10dev6
2.10
2.10.1
2.10.2
2.11dev2
2.11
2.11.1
2.11.2
2.11.3
2.12
2.12.1
2.13
2.14
2.15
2.16
2.16.1
2.17.dev4
2.17.dev5
2.17.dev6
2.17
2.18.dev3
2.18.dev4
2.18.dev5
2.18.dev6
2.18.dev7
2.18
2.18.1
2.19.dev2
2.19
2.19.1
2.20.dev1
2.20.dev2
2.20.dev3
2.20.dev4
2.20
2.20.1
2.21.dev2
2.21
2.21.1
2.21.2
2.21.3
2.21.4
2.22.dev3
2.22.dev4
2.22.dev7
2.22
2.22.1.dev1
2.22.1
2.22.2.dev1
2.22.2
2.22.4
2.23.dev3
2.23.dev4
2.23.dev5
2.23.dev6
2.23.dev7
2.23.dev8
2.23.dev9
2.23
2.23.1