Unauthorized Access to Templates in eLabFTW

Unauthorized Access to Templates in eLabFTW

CVE-2022-31178 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this issue.

Learn more about our User Device Pen Test.