CNNVD-202509-4398 Information
CNNVD ID
CNNVD-202509-4398
Related CVE
-
CNNVD Published: 2025-09-29
Description
Obsidian Scheduler is an enterprise-grade task scheduler from the US company Obsidian. Obsidian Scheduler versions 5.0.0 through 6.3.0 contain a security vulnerability: Basic Authentication is still accepted after an account has been locked, which may allow MFA protection to be bypassed and privileged users to be created.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Obsidian
Published
2025-09-29
Last Modified
2026-02-24
References
https://blog.gregscharf.com/2025/07/11/upcoming-vulnerability-advisory/
https://blog.gregscharf.com/2025/07/31/obsidian-scheduler-access-control-vulnerability/
https://wiki.obsidianscheduler.com/docs/Release_Notes#Obsidian_6.3.1
https://access.redhat.com/security/cve/cve-2025-56449
Patch
https://wiki.obsidianscheduler.com/docs/Release_Notes#Obsidian_6.3.1