How severe is CVE-2024-45298?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2024-45298?

This is classified as CWE-670, which is a common weakness in software security.

CVE-2024-45298

MEDIUM Year: 2024

CVSS v3 Score

4.3

Medium

Weakness Type

CWE-670

View all →

Vulnerability Description

Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mail's on my server, I tested said e-mails by performing a password reset with my test user. To my shock, not only did it let me reset my password, but after resetting my password I can get into the wiki I was locked out of. The ramifications of this bug is a user can **bypass an account disabling by requesting their password be reset**. All users of wiki.js version `2.5.303` who use any account restrictions and have disabled user are affected. This issue has been addressed in version 2.5.304 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2020-26506

MEDIUM

CVSS:4.3(Medium)

An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed f...

CWE-6702020

CVE-2020-3885

MEDIUM

CVSS:4.3(Medium)

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windo...

CWE-6702020

CVE-2024-25622

MEDIUM

CVSS:4.3(Medium)

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The conf...

CWE-6702024

CVE-2024-47168

LOW

CVSS:4.3(Medium)

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False....

CWE-6702024

CVE-2021-3011

MEDIUM

CVSS:4.2(Medium)

An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attacker...

CWE-6702021

CVE-2024-53269

MEDIUM

CVSS:4.5(Medium)

Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has bee...

CWE-6702024

CVE-2024-45298

Vulnerability Description

Related Vulnerabilities

CVE-2020-26506

CVE-2020-3885

CVE-2024-25622

CVE-2024-47168

CVE-2021-3011

CVE-2024-53269