Unrated severityNVD Advisory· Published Oct 1, 2024· Updated Oct 1, 2024

eLabFTW contains a direct and indirect information disclosure

CVE-2024-45408

Description

eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyone. Users are advised to upgrade to at least version 5.1.0. System administrators can disable anonymous access in the System configuration panel.

Affected products

Elabftw/Elabftwv5
Range: >= 4.4.0, < 5.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/elabftw/elabftw/security/advisories/GHSA-2c83-6j74-w8r5mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000