Description

Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3.

INFO

Published Date : 2024-07-25T16:12:58.907Z

Last Modified : 2024-08-02T04:46:52.695Z

Source : GitHub_M

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-41800 vulnerability.

Vendor: Craftcms
Product: Craft Cms

CVSS Vulnerability Scoring System

CVSS metrics: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact.