CVE-2019-16766
Description
When using wagtail-2fa before 1.3.0, if someone gains access to someones Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.17
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-16766 are fixed in Python-wagtail-2fa 1.3.0 | Windows |
| Vulnerabilities CVE-2019-16766 are fixed in Python-wagtail-2fa for linux 1.3.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234