Vulnerabilities (CVE)

Filtered by vendor Syracom Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-48942 1 Syracom 1 Secure Login 2024-10-11 N/A 5.9 MEDIUM
The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid.
CVE-2024-48941 1 Syracom 1 Secure Login 2024-10-11 N/A 5.4 MEDIUM
The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted.
CVE-2023-22958 1 Syracom 1 Secure Login 2024-02-28 N/A 6.1 MEDIUM
The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter.