How severe is CVE-2024-52586?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2024-52586?

This is classified as CWE-288, which is a common weakness in software security.

CVE-2024-52586 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally (by knowing or guessing the password of a user) can thus log in regardless of MFA requirements. This does not affect MFA that are performed by single sign-on services. Users are advised to upgrade to at least version 5.1.9 to receive a fix.

Related Vulnerabilities

CVE-2017-6871

MEDIUM

CVSS:5.4(Medium)

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacke...

CWE-2882017

CVE-2022-36249

MEDIUM

CVSS:5.4(Medium)

Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsess...

CWE-2882022

CVE-2020-10048

MEDIUM

CVSS:5.5(Medium)

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password pr...

CWE-2882020

CVE-2020-11005

MEDIUM

CVSS:5.5(Medium)

The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing a...

CWE-2882020

CVE-2021-32958

MEDIUM

CVSS:5.5(Medium)

Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, su...

CWE-2882021

CVE-2022-23725

MEDIUM

CVSS:5.5(Medium)

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

CWE-2882022