CVE-2024-52586
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Dec 9, 2024
CWE ID 288
CWE ID 303
Summary
CVE-2024-52586 is a vulnerability affecting eLabFTW, an open-source electronic lab notebook used in research labs. Versions 4.6.0 and older, up to but not including 5.1.0, contain a weakness. An attacker who can authenticate locally, i.e., who knows or guesses a user's password, can bypass the built-in multifactor authentication (MFA) mechanism. This issue does not impact MFA performed by single sign-on services. To mitigate this risk, users are urged to upgrade to the minimum recommended version, 5.1.9.