CVE-2024-48941

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published: Oct 10, 2024
Updated: Oct 11, 2024
CWE ID: 266

Summary

CVE-2024-48941 identifies a critical vulnerability in the Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket, specifically affecting versions up to 3.1.4.5. This vulnerability allows remote attackers to bypass two-factor authentication by exploiting the allowlisted /rest endpoint in these applications. Organizations using these products are at high risk for confidentiality and integrity impacts, with an exploitability score of 3.9 and a base severity rating of 9.1 on the CVSS scale. To remediate this issue, it is recommended that organizations review their configurations to restrict access to the /rest endpoint and apply necessary updates provided by the vendor. For further details, organizations can refer to the vendor's security advisory available online.
