GHSA-h6jq-w432-j26w

Suggest an improvement
Source
https://github.com/advisories/GHSA-h6jq-w432-j26w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-h6jq-w432-j26w/GHSA-h6jq-w432-j26w.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-h6jq-w432-j26w
Aliases
  • CVE-2024-42850
Published
2024-08-16T21:32:36Z
Modified
2024-08-19T16:27:03.888168Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
  • 1.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
Silverpeas vulnerable to password complexity rule bypass
Details

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.

Database specific
{
    "nvd_published_at": "2024-08-16T19:15:10Z",
    "cwe_ids": [
        "CWE-521"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-19T16:01:12Z"
}
References

Affected packages

Maven / org.silverpeas.core:silverpeas-core

Package

Name
org.silverpeas.core:silverpeas-core
View open source insights on deps.dev
Purl
pkg:maven/org.silverpeas.core/silverpeas-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
6.4.2