holdennb CollabCal calenderServer.cpp handleGet improper authentication

A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. Using CWE to declare the problem leads to CWE-287. The weakness was shared 01/07/2023 as b80f6d1893607c99e5113967592417d0fe310ce6. The advisory is available at github.com. This vulnerability is traded as CVE-2014-125060. It is possible to launch the attack remotely. Technical details are available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. It is declared as not defined. As 0-day the estimated underground price was around $0-$5k. The patch is identified as b80f6d1893607c99e5113967592417d0fe310ce6. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field01/07/2023 13:4901/29/2023 20:4501/29/2023 20:52
vendorholdennbholdennbholdennb
nameCollabCalCollabCalCollabCal
filecalenderServer.cppcalenderServer.cppcalenderServer.cpp
functionhandleGethandleGethandleGet
cwe287 (improper authentication)287 (improper authentication)287 (improper authentication)
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
identifierb80f6d1893607c99e5113967592417d0fe310ce6b80f6d1893607c99e5113967592417d0fe310ce6b80f6d1893607c99e5113967592417d0fe310ce6
urlhttps://github.com/holdennb/CollabCal/commit/b80f6d1893607c99e5113967592417d0fe310ce6https://github.com/holdennb/CollabCal/commit/b80f6d1893607c99e5113967592417d0fe310ce6https://github.com/holdennb/CollabCal/commit/b80f6d1893607c99e5113967592417d0fe310ce6
namePatchPatchPatch
patch_nameb80f6d1893607c99e5113967592417d0fe310ce6b80f6d1893607c99e5113967592417d0fe310ce6b80f6d1893607c99e5113967592417d0fe310ce6
patch_urlhttps://github.com/holdennb/CollabCal/commit/b80f6d1893607c99e5113967592417d0fe310ce6https://github.com/holdennb/CollabCal/commit/b80f6d1893607c99e5113967592417d0fe310ce6https://github.com/holdennb/CollabCal/commit/b80f6d1893607c99e5113967592417d0fe310ce6
advisoryquoteFixed Login ExploitFixed Login ExploitFixed Login Exploit
cveCVE-2014-125060CVE-2014-125060CVE-2014-125060
responsibleVulDBVulDBVulDB
date1673046000 (01/07/2023)1673046000 (01/07/2023)1673046000 (01/07/2023)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore7.57.57.5
cvss2_vuldb_tempscore6.56.56.5
cvss3_vuldb_basescore7.37.37.3
cvss3_vuldb_tempscore7.07.07.0
cvss3_meta_basescore7.37.38.1
cvss3_meta_tempscore7.07.08.0
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1673046000 (01/07/2023)1673046000 (01/07/2023)
cve_nvd_summaryA vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The name of the patch is b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability.A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The name of the patch is b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss2_nvd_basescore7.5
cvss3_nvd_basescore9.8
cvss3_cna_basescore7.3

Do you need the next level of professionalism?

Upgrade your account now!