Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server · CVE-2021-21403 · GitHub Advisory Database · GitHub

Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server

High severity GitHub Reviewed Published Mar 21, 2021 in kongchuanhujiao/ProvinceServer • Updated Jan 29, 2023

Package

github.com/kongchuanhujiao/server (Go)

Affected versions

< 1.3.21

Patched versions

1.3.21

Description

Impact

Authentication Bypass by Primary Weakness (CWE-305)

Commit:

kongchuanhujiao/ProvinceServer@9a12562

ALL Users is impacted.

Patches

Yes, PLEASE UPGRADE TO v1.3.21-beta.d0ffc0a6

References

qianjunakasumi published to kongchuanhujiao/ProvinceServer

Mar 21, 2021

Published by the National Vulnerability Database

Mar 26, 2021

Reviewed May 20, 2021

Published to the GitHub Advisory Database Feb 15, 2022

Last updated Jan 29, 2023

Severity

High

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N