Home > Vulnerability Database > CVE-2023-48712

Mend.io Vulnerability Database

CVE-2023-48712

Good to know:

Date: November 24, 2023

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: RUST

Severity Score

7.1

Related Resources (4)

Url: https://github.com/warp-tech/warpgate/security/advisories/GHSA-c94j-vqr5-3mxr

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-48712

Url: https://github.com/warp-tech/warpgate/commit/e3b26b2699257b9482dce2e9157bd9b5e05d9c76

Url: https://www.mend.io/vulnerability-database/CVE-2023-48712

Severity Score

7.1

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version v0.9.0

Learn More

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-48712

Good to know:

Date: November 24, 2023

Language: RUST

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?