CVE-2021-45379

Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
glewlwyd_projectglewlwyd
2.0.0 ≤
𝑥
< 2.6.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glewlwyd
bullseye
2.5.2-2+deb11u3
fixed
buster
not-affected
bookworm
2.7.5-3+deb12u1
fixed
sid
2.7.6+ds-2
fixed
trixie
2.7.6+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glewlwyd
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
ignored
jammy
needs-triage
impish
ignored
hirsute
ignored
focal
needs-triage
bionic
needs-triage
xenial
ignored
trusty
ignored
Common Weakness Enumeration
References
https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe
https://github.com/babelouest/glewlwyd/releases/tag/v2.6.1
https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe
https://github.com/babelouest/glewlwyd/releases/tag/v2.6.1