Packagist (Composer) package
codeigniter4/shield
pkg:composer/codeigniter4/shield
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-48707 | — | < 1.0.0-beta.8 | 1.0.0-beta.8 | Nov 24, 2023 | CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the da | ||
| CVE-2023-48708 | — | < 1.0.0-beta.8 | 1.0.0-beta.8 | Nov 24, 2023 | CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token | ||
| CVE-2023-27580 | — | < 1.0.0-beta.4 | 1.0.0-beta.4 | Mar 13, 2023 | CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vuln | ||
| CVE-2022-35943 | — | >= 1.0.0-beta, < 1.0.0-beta.2 | 1.0.0-beta.2 | Aug 12, 2022 | Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechani |
- CVE-2023-48707Nov 24, 2023affected < 1.0.0-beta.8fixed 1.0.0-beta.8
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the da
- CVE-2023-48708Nov 24, 2023affected < 1.0.0-beta.8fixed 1.0.0-beta.8
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token
- CVE-2023-27580Mar 13, 2023affected < 1.0.0-beta.4fixed 1.0.0-beta.4
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vuln
- CVE-2022-35943Aug 12, 2022affected >= 1.0.0-beta, < 1.0.0-beta.2fixed 1.0.0-beta.2
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechani