eLabFTW
cpe:2.3:a:elabftw:elabftw:*:*:*:*:*:*:*
- <= 5.1.14
A vulnerability in eLabFTW, an open-source electronic lab notebook, in versions prior to 5.1.15 allows authenticated users to read sensitive information from the database, including login tokens. The flaw is an incorrect input validation, and it could lead to privilege escalation, especially if cookies are enabled, which is the default setting. Users are advised to upgrade to eLabFTW version 5.1.15, the first version containing the patch. No workarounds are available.
Exploitation of this vulnerability could result in unauthorized access to sensitive information, such as login tokens, and could allow for privilege escalation within the application.
Users must upgrade to eLabFTW version 5.1.15 to address this vulnerability. Instructions for upgrading can be found in the eLabFTW GitHub repository.