{"id":"CVE-2024-52586","summary":"eLabFTW MFA bypass","details":"eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally (by knowing or guessing the password of a user) can thus log in regardless of MFA requirements. This does not affect MFA that is performed by single sign-on services. Users are advised to upgrade to at least version 5.1.9 to receive a fix. Note that the affected versions listed in this record run through 5.1.8, so releases from 5.1.0 up to 5.1.8 should also be treated as affected until upgraded.","aliases":["GHSA-pvxr-39g3-m28c"],"modified":"2026-04-10T05:12:21.868181Z","published":"2024-12-09T18:38:42.856Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52586.json","cwe_ids":["CWE-288","CWE-303"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52586.json"},{"type":"ADVISORY","url":"https://github.com/elabftw/elabftw/security/advisories/GHSA-pvxr-39g3-m28c"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52586"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elabftw/elabftw","events":[{"introduced":"97209a0af36463f8b54d8925f76df771a7202290"},{"fixed":"4aad67bdd3bf772188b539a9eb59e9e409f750cc"}]}],"versions":["4.6.0","4.6.1","4.7.0","4.8.0","4.8.0-alpha","4.8.0-beta","4.8.1","4.8.2","4.8.3","4.9.0","4.9.0-alpha","4.9.0-beta","4.9.0-beta2","5.0.0","5.0.0-alpha","5.0.0-alpha2","5.0.0-alpha3","5.0.0-alpha4","5.0.0-beta","5.0.0-beta2","5.0.0-beta3","5.1.0","5.1.0-alpha","5.1.0-alpha2","5.1.0-alpha3","5.1.0-alpha4","5.1.0-beta","5.1.0-beta2","5.1.0-beta3","5.1.0-beta4","5.1.1","5.1.2","5.1.3","5.1.4","5.1.5","5.1.6","5.1.7","5.1.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52586.json"}}],"schema_version":"1.7.5","severity":[
{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}]}