CVE-2023-34240: Weak passwords allowed in cloudexplorer-lite

6.5 CVSS

Description

Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of cloudexplorer-lite prior to 1.2.0 did not enforce strong passwords. This vulnerability has been fixed in version 1.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Classification

CVE ID: CVE-2023-34240

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.5

Affected Products

Vendor: CloudExplorer-Dev

Product: CloudExplorer-Lite

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.14% (probability of being exploited)

EPSS Percentile: 50.84% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-px4m-5j22-5mw4

Timeline

2024-11-28 00:11:15 UTC
CVE

Weak passwords allowed in cloudexplorer-lite