Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking service enabled, allows remote attackers to bypass authentication.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| the_ignition_project | ignitionserver | 0.2.2_brc2 |
| the_ignition_project | ignitionserver | 0.2.3_brc3 |
| the_ignition_project | ignitionserver | 0.3.1_b1 |
| the_ignition_project | ignitionserver | 0.1.2_r2 |
| the_ignition_project | ignitionserver | 0.2.1_brc1 |
| the_ignition_project | ignitionserver | 0.1.2 |
The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode command with the +ORD argument.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| the_ignition_project | ignitionserver | 0.1.2_r1 |
| the_ignition_project | ignitionserver | 0.1.2_r2 |
| the_ignition_project | ignitionserver | 0.1.2 |
mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass intended restrictions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| the_ignition_project | ignitionserver | 0.3.6 |
| the_ignition_project | ignitionserver | 0.3.0 |
| the_ignition_project | ignitionserver | 0.3.1 |
| the_ignition_project | ignitionserver | 0.3.5 |
| the_ignition_project | ignitionserver | 0.3.3 |
| the_ignition_project | ignitionserver | 0.3.2 |
| the_ignition_project | ignitionserver | 0.3.4 |
mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| the_ignition_project | ignitionserver | 0.3.6 |
| the_ignition_project | ignitionserver | 0.3.0 |
| the_ignition_project | ignitionserver | 0.3.1 |
| the_ignition_project | ignitionserver | 0.3.5 |
| the_ignition_project | ignitionserver | 0.3.3 |
| the_ignition_project | ignitionserver | 0.3.2 |
| the_ignition_project | ignitionserver | 0.3.4 |