Description

eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The vulnerability allows a regular user to become administrator of a team where they are a member, under a reasonable configuration. Additionally, in eLabFTW versions subsequent to v5.0.0, the vulnerability may allow an initially unauthenticated user to gain administrative privileges over an arbitrary team. The vulnerability does not affect system administrator status. Users should upgrade to version 5.1.0. System administrators are advised to turn off local user registration, saml_team_create and not allow administrators to import users into teams, unless strictly required.

INFO

Published Date :

2024-10-01T14:36:50.451Z

Last Modified :

2024-10-01T15:00:01.610Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-25632 vulnerability.

Vendors Products
Elabftw
  • Elabftw
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-25632.

URL Resource
https://github.com/elabftw/elabftw/security/advisories/GHSA-6m7p-gh9f-5mgg cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact