SCA: security update for froxlor/froxlor (GHSA-625g-fm5w-w7w4)

high Tenable Cloud Security Plugin ID 411103

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit
the registration form with the essential fields, such as the username and password, left intentionally
blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname,
company name) established by the system. Version 2.1.2 fixes this issue. (CVE-2023-50256)

See Also

https://github.com/advisories/GHSA-625g-fm5w-w7w4

Plugin Details

Severity: High

ID: 411103

Version: Revision 1.6

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.51

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2023-50256

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/4/2024

Vulnerability Publication Date: 1/3/2024

Reference Information

CVE: CVE-2023-50256

cwe: CWE-20