CVE-2024-52586

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 9, 2024
CWE ID 288
CWE ID 303

Summary

CVE-2024-52586 is a vulnerability affecting eLabFTW, an open-source electronic lab notebook used in research labs. Versions 4.6.0 and older, up to but not including 5.1.0, contain a weakness that lets an attacker who can authenticate locally (that is, who knows or guesses a user's password) bypass the built-in multifactor authentication (MFA) mechanism. The issue does not affect MFA performed by single sign-on services. To mitigate this risk, users are urged to upgrade to the minimum recommended version, 5.1.9.
