A CWE-306: Missing Authentication for Critical Function... · CVE-2023-29411 · GitHub Advisory Database · GitHub

A CWE-306: Missing Authentication for Critical Function...

Critical severity Unreviewed Published Apr 18, 2023 to the GitHub Advisory Database • Updated Apr 4, 2024

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow
changes to administrative credentials, leading to potential remote code execution without
requiring prior authentication on the Java RMI interface.

References

Published by the National Vulnerability Database

Apr 18, 2023

Published to the GitHub Advisory Database Apr 18, 2023

Last updated Apr 4, 2024

Severity

Critical

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H