CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-48942

The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.8%

CVSS Severity

CVSS v3 Score 5.9

References

https://syracom-bee.atlassian.net/wiki/spaces/SL/pages/3236560898/2024-09-16+-+Secure+Login+security+advisory+-+Insecure+default+configuration

Products affected by CVE-2024-48942

Syracom » Secure Login » Version: Any

cpe:2.3:a:syracom:secure_login:*
Syracom » Secure Login » Version: N/A

cpe:2.3:a:syracom:secure_login:-
Syracom » Secure Login » Version: 3.1.1.0

cpe:2.3:a:syracom:secure_login:3.1.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-48942

Products

Pricing

Contact Us