CVE-2018-17107

In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
tgstation13tgstation-server
3.2.1.0 ≤
𝑥
< 3.2.5.0
𝑥
= Vulnerable software versions
References
https://github.com/tgstation/tgstation-server/issues/690
https://github.com/tgstation/tgstation-server/issues/690