CVE-2018-17107

EUVD-2023-1676
In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
tgstation13tgstation-server
3.2.1.0 ≤
𝑥
< 3.2.5.0
𝑥
= Vulnerable software versions
References
https://github.com/tgstation/tgstation-server/issues/690
https://github.com/tgstation/tgstation-server/issues/690