Vulnerabilities > CVE-2024-48942 - Unspecified vulnerability in Syracom Secure Login 3.1.1.0
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |