CVE-2021-43834

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-43834

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43834.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-43834

Related

GHSA-98rp-gx76-33ph

Published

2021-12-16T00:15:07.507Z

Modified

2026-01-30T02:34:28.420083Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the (default) local password mechanism. Users should upgrade to at least version 4.2.0.

References

Affected packages

Git / github.com/elabftw/elabftw

Affected ranges

Type: GIT
Repo: https://github.com/elabftw/elabftw
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

061b57af9d761358ca3e87c63745644376b62193

Affected versions

0.*

0.10.0

0.10.0-RC

0.10.1

0.11.0

0.11.0-RC

0.11.0a

0.12.0

0.12.0-BETA

0.12.0-RC

0.12.1

0.12.2

0.12.3

0.12.4

0.12.5

0.12.6

0.7.0

0.7.1

0.7.2

0.7.3

0.7.3.1

0.7.3.2

0.8

0.8.1

0.8.2

0.8.3

0.9

0.9.1

0.9.1.1

0.9.1.2

0.9.4

0.9.4.2

0.9.5

1.*

1.0.0

1.0.0-alpha

1.0.0-beta

1.1.0

1.1.1

1.1.2

1.1.2-p1

1.1.3

1.1.4

1.1.4-p1

1.1.4-p2

1.1.4-p3

1.1.5

1.1.5-beta

1.1.5-p1

1.1.5-p2

1.1.6

1.1.7

1.1.8

1.1.8-p1

1.1.8-p2

1.2.0

1.2.0-alpha

1.2.0-beta

1.2.0-p1

1.2.0-p2

1.2.0-p3

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.3.0

1.3.1

1.4.0

1.4.1

1.4.2

1.4.3

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.6.0

1.6.1

1.6.2

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

2.*

2.0.0

2.0.0-alpha1

2.0.0-alpha2

2.0.0-beta

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.1.0-alpha

3.*

3.0.0

3.0.0-alpha

3.0.0-beta

3.0.1

3.0.2

3.0.3

3.1.0

3.1.1

3.1.2

3.2.0

3.2.1

3.2.2

3.3.0

3.3.1

3.3.10

3.3.11

3.3.12

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.3.7

3.3.8

3.3.9

3.4.0

3.4.0-alpha

3.4.0-beta

3.4.1

3.4.10

3.4.11

3.4.12

3.4.13

3.4.14

3.4.15

3.4.16

3.4.17

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.4.8

3.4.9

3.5.0

3.5.0-beta

3.5.0-rc

3.5.1

3.5.2

3.5.3

3.5.4

3.5.5

3.5.6

3.6.0

3.6.0-alpha

3.6.0-beta

3.6.0-rc

3.6.1

3.6.2

3.6.3

3.6.4

3.6.5

3.6.6

3.6.7

4.*

4.0.0

4.0.0-alpha

4.0.0-alpha2

4.0.0-beta

4.0.0-beta2

4.0.0-beta3

4.0.0-beta4

4.0.0-beta5

4.0.0-beta6

4.0.1

4.0.10

4.0.11

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.1.0

4.1.0-BETA

4.1.0-BETA2

4.1.0-BETA3

4.1.0-BETA4

4.1.0-BETA5

4.1.0-BETA6

4.2.0-BETA

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43834.json"