Vulnerability Name: CVE-2021-27913 (CCN-208611)
Published: 2021-08-30
Updated: 2021-09-03
Summary: The function mt_rand is used to generate session tokens. This function is not cryptographically secure because its output is only pseudorandom, so an attacker can take advantage of it to enumerate session tokens for accounts that are not under his/her control. This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0.
CVSS v3 Severity:
  3.5 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
  3.1 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
  3.1 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity:
  3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
Vulnerability Type: CWE-338
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE; Type: CNA; CVE-2021-27913
  Source: XF; Type: UNKNOWN; mautic-cve202127913-info-disc(208611)
  Source: CCN; Type: Mautic GIT Repository; Use of a Broken or Risky Cryptographic Algorithm
  Source: CONFIRM; Type: Exploit, Patch, Third Party Advisory; N/A
  Source: CCN; Type: WhiteSource Vulnerability Database; CVE-2021-27913
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable