What the vulnerability does
01Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreap_core allows Authentication Abuse.This issue affects Workreap Core: from n/a through <= 3.4.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreap_core allows Authentication Abuse.This issue affects Workreap Core: from n/a through <= 3.4.1.
Explanation of Vulnerability in Simple Terms
Workreap Core versions up to 3.4.1 contain an authentication bypass vulnerability that allows unauthenticated attackers to gain full control of the application. The flaw stems from improper authentication validation, enabling attackers to read, modify, or delete data without credentials. No user interaction is required; the vulnerability is exploitable over the network.
What an attacker can do
Read, modify, or delete any data in the application without logging in.
Potential impact on your site
Complete compromise of the Workreap Core installation; attackers can access all user data, modify site content, and disrupt service.
Conditions required to exploit
Network access to the Workreap Core installation. No authentication or user interaction required.
Key dates
External resources