CVE-2024-48941

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-266
View all →

Vulnerability Description

The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted.

Related Vulnerabilities

CVE-2022-2626

CRITICAL
CVSS:9.1(Critical)

Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.

CWE-2662022

CVE-2024-10654

MEDIUM
CVSS:9.1(Critical)

A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulati...

CWE-2662024

CVE-2025-23391

CRITICAL
CVSS:9.1(Critical)

A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from...

CWE-2662025

CVE-2025-4118

MEDIUM
CVSS:9.1(Critical)

A vulnerability classified as critical has been found in Weitong Mall 1.0.0. This affects an unknown part of the file /historyList of the component Product History Handler. The manipulation of the arg...

CWE-2662025

CVE-2024-25660

CRITICAL
CVSS:9.0(Critical)

The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary...

CWE-2662024

CVE-2020-7009

HIGH
CVSS:8.8(High)

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can ...

CWE-2662020