CVE-2023-49947

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 3, 2023

Updated: Dec 7, 2023

CWE ID 863

Summary

CVE-2023-49947 is a vulnerability affecting Forgejo before version 1.20.5-1. This issue enables bypassing two-factor authentication (2FA) when Docker login utilizes Basic Authentication. An attacker who gains access to the user's basic authentication credentials can bypass the 2FA verification, potentially gaining unauthorized access to the Docker environment. This vulnerability poses a significant risk, as it undermines an essential security measure intended to protect against unauthorized access. Users are encouraged to update their Forgejo installation to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tq7TTj
https://www.cve.org/CVERecord?id=CVE-2023-49947
https://nvd.nist.gov/vuln/detail/CVE-2023-49947

Back to Vulnerability Database

CVE-2023-49947

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations