Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-31863

Summary
Assigner-apache
Assigner Org ID-f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At-09 Apr, 2024 | 10:25
Updated At-25 Mar, 2025 | 18:21
Rejected At-
Credits

Apache Zeppelin: Replacing other users notebook, bypassing any permissions

Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apache
Assigner Org ID:f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At:09 Apr, 2024 | 10:25
Updated At:25 Mar, 2025 | 18:21
Rejected At:
▼CVE Numbering Authority (CNA)
Apache Zeppelin: Replacing other users notebook, bypassing any permissions

Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Affected Products
Vendor
The Apache Software FoundationApache Software Foundation
Product
Apache Zeppelin
Collection URL
https://repo.maven.apache.org/maven2
Package Name
org.apache.zeppelin:zeppelin-server
Default Status
unaffected
Versions
Affected
  • From 0.10.1 before 0.11.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-290CWE-290 Authentication Bypass by Spoofing
Type: CWE
CWE ID: CWE-290
Description: CWE-290 Authentication Bypass by Spoofing
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Textual description of severity
text:
moderate
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Esa Hiltunen
finder
https://teragrep.com
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8s7w3ct9
vendor-advisory
http://www.openwall.com/lists/oss-security/2024/04/09/6
N/A
Hyperlink: https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8s7w3ct9
Resource:
vendor-advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2024/04/09/6
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
The Apache Software Foundationapache
Product
zeppelin
CPEs
  • cpe:2.3:a:apache:zeppelin:0.10.1:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0.10.1 before 0.11.0 (custom)
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8s7w3ct9
vendor-advisory
x_transferred
http://www.openwall.com/lists/oss-security/2024/04/09/6
x_transferred
Hyperlink: https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8s7w3ct9
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2024/04/09/6
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@apache.org
Published At:09 Apr, 2024 | 11:15
Updated At:25 Mar, 2025 | 19:15

Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CPE Matches
The Apache Software Foundation
apache
>>zeppelin>>0.10.1
cpe:2.3:a:apache:zeppelin:0.10.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-290Secondarysecurity@apache.org
CWE ID: CWE-290
Type: Secondary
Source: security@apache.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2024/04/09/6security@apache.org
Mailing List
https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8s7w3ct9security@apache.org
Mailing List
http://www.openwall.com/lists/oss-security/2024/04/09/6af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8s7w3ct9af854a3a-2127-422b-91ae-364da2661108
Mailing List
Hyperlink: http://www.openwall.com/lists/oss-security/2024/04/09/6
Source: security@apache.org
Resource:
Mailing List
Hyperlink: https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8s7w3ct9
Source: security@apache.org
Resource:
Mailing List
Hyperlink: http://www.openwall.com/lists/oss-security/2024/04/09/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8s7w3ct9
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List

Change History

0
Information is not available yet

Similar CVEs

72Records found
CVE-2023-34167
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.51%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-12 Dec, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiHarmonyOSEMUI
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2019-20203
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.67% / 70.33%
||
7 Day CHG~0.00%
Published-01 Jan, 2020 | 21:59
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message.

Action-Not Available
Vendor-postiepluginn/a
Product-postien/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2023-20246
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.05% / 15.20%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 17:13
Updated-06 Sep, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system.

Action-Not Available
Vendor-snortCisco Systems, Inc.
Product-ios_xesnortfirepower_threat_defenseCisco Firepower Threat Defense SoftwareCisco Umbrella Insights Virtual Appliance
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2019-18659
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.46% / 63.31%
||
7 Day CHG~0.00%
Published-02 Nov, 2019 | 00:49
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated.

Action-Not Available
Vendor-readyn/a
Product-wireless_emergency_alertsn/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-32275
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.71%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 08:09
Updated-14 Apr, 2025 | 12:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Survey Maker plugin <= 5.1.5.4 - Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker allows Identity Spoofing. This issue affects Survey Maker: from n/a through 5.1.5.4.

Action-Not Available
Vendor-AYS Pro Extensions
Product-survey_makerSurvey Maker
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-24628
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.58%
||
7 Day CHG+0.01%
Published-27 Jan, 2025 | 14:22
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress reCaptcha by BestWebSoft Plugin <= 1.78 - Captcha Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78.

Action-Not Available
Vendor-BestWebSoft
Product-Google Captcha
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-49214
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 53.77%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 00:00
Updated-29 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2019-0388
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.86%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 22:17
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation.

Action-Not Available
Vendor-SAP SE
Product-uiSAP UI 700SAP UI
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-41432
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.17%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 00:00
Updated-08 Aug, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can bypass account lockout mechanisms during attempts to log into admin accounts, spoof IP addresses in requests sent to the server, and impersonate IP addresses that have logged into user accounts, etc.

Action-Not Available
Vendor-likeshopn/alikeshop
Product-likeshopn/alikeshop
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-35538
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.96%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 00:00
Updated-28 Apr, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.

Action-Not Available
Vendor-typechon/atypecho
Product-typechon/atypecho
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2024-33917
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.73%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:13
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WTI Like Post plugin <= 1.4.6 - IP Restriction Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in webtechideas WTI Like Post allows Functionality Bypass.This issue affects WTI Like Post: from n/a through 1.4.6.

Action-Not Available
Vendor-webtechideas
Product-WTI Like Post
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-32827
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.51%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:39
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Giveaways and Contests by RafflePress plugin <= 1.12.7 - IP Restriction Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows Functionality Bypass.This issue affects Giveaways and Contests: from n/a through 1.12.7.

Action-Not Available
Vendor-SeedProd, LLC (RafflePress)
Product-Giveaways and Contestsgiveaways_and_contests_by_rafflepress
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-32786
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.80%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:38
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Royal Elementor Addons and Templates plugin <= 1.3.93 - IP Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass.This issue affects Royal Elementor Addons: from n/a through 1.3.93.

Action-Not Available
Vendor-Royal Elementor Addons
Product-Royal Elementor Addonsroyal_elementor_addons_and_templates
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-30522
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.69%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:21
Updated-02 Aug, 2024 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Newsletter plugin <= 8.2.0 - IP Blacklist Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in Stefano Lissa & The Newsletter Team Newsletter allows Functionality Bypass.This issue affects Newsletter: from n/a through 8.2.0.

Action-Not Available
Vendor-Stefano Lissa & The Newsletter Teamstefanno_lissa
Product-Newsletternewsletter
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-28228
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 0.55%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 11:39
Updated-16 Dec, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrackyoutrack
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-25595
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.44%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:23
Updated-28 May, 2025 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Defender Security plugin <= 4.4.1 - IP Restriction Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass.This issue affects Defender Security: from n/a through 4.4.1.

Action-Not Available
Vendor-Incsub, LLC
Product-defenderDefender Securitydefender_security
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-21746
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.75%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:46
Updated-07 Feb, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wp Ultimate Review plugin <= 2.3.2 - IP limit Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.3.2.

Action-Not Available
Vendor-wpmetWpmet
Product-wp_ultimate_reviewWp Ultimate Review
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-1347
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 1.94%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 11:02
Updated-22 May, 2025 | 04:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass by Spoofing in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-13685
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.37%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 06:00
Updated-14 May, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Admin and Site Enhancements (ASE) < 7.6.10 - Limit Login Attempt Bypass via IP Spoofing

The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10.

Action-Not Available
Vendor-wpaseUnknown
Product-admin_and_site_enhancementsAdmin and Site Enhancements (ASE)
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-35749
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-3.7||LOW
EPSS-0.03% / 7.19%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 16:39
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Under Construction / Maintenance Mode from Acurax plugin <= 2.6 - IP Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through 2.6.

Action-Not Available
Vendor-Acurax Technologies
Product-under_construction_\/_maintenance_modeUnder Construction / Maintenance Mode from Acurax
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-54158
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-3.5||LOW
EPSS-0.00% / 0.04%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 11:16
Updated-30 Jan, 2025 | 21:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-173
Improper Handling of Alternate Encoding
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2022-32983
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 48.98%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 15:05
Updated-03 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters.

Action-Not Available
Vendor-nicn/a
Product-knot_resolvern/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
  • Previous
  • 1
  • 2
  • Next
Details not found