Vulnerability Name:

CCN-71360

Published:2011-11-17
Updated:2011-11-17
Summary:SPIP could allow a remote attacker to bypass security restrictions, caused by an error during authentication. An attacker could exploit this vulnerability to gain administrative access to the application.
CVSS v3 Severity:5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: SPIP Contrib
SPIP 1.9.2n, 2.0.17, 2.1.12 disponibles

Source: CCN
Type: SA46907
SPIP Security Bypass and Cross-Site Scripting Vulnerabilities

Source: CCN
Type: BID-50727
SPIP Authorization Check Privilege Escalation Vulnerability

Source: CCN
Type: SPIP Website
SPIP - English

Source: XF
Type: UNKNOWN
spip-authentication-security-bypass(71360)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:spip:spip:1.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:spip:spip:2.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:spip:spip:2.1.11:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    spip spip 1.9.2
    spip spip 2.0.16
    spip spip 2.1.11