CVE-2021-45379

EUVD-2021-32152
Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
glewlwyd_projectglewlwyd
2.0.0 ≤
𝑥
< 2.6.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glewlwyd
bookworm
2.7.5-3+deb12u1
fixed
bullseye
2.5.2-2+deb11u3
fixed
buster
not-affected
sid
2.7.6+ds-2
fixed
trixie
2.7.6+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glewlwyd
bionic
needs-triage
focal
needs-triage
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
ignored
xenial
ignored
Common Weakness Enumeration
References
https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe
https://github.com/babelouest/glewlwyd/releases/tag/v2.6.1
https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe
https://github.com/babelouest/glewlwyd/releases/tag/v2.6.1