Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8.
References
Link | Resource |
---|---|
https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-48hp-jvv8-cf62 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-06-23T20:20:49.978Z
Updated: 2023-06-23T20:20:49.978Z
Reserved: 2023-06-14T14:17:52.177Z
Link: CVE-2023-35154
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-23T21:15:09.400
Modified: 2023-07-03T18:47:34.727
Link: CVE-2023-35154
JSON object: View
Redhat Information
No data.
CWE