Description
Scratch-Coding-Hut.github.io is the website for Coding Hut. As of 28 February 2025, the website contained a form for signing in with a Scratch username and password. Any user who used the sign-in page would be susceptible to any other user signing into their account. As of the time of publication, a fix is not available, but work on a fix is underway. As a workaround, users should avoid signing in.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/Scratch-Coding-Hut/Scratch-Coding-Hut.github.io/security/advisories/GHSA-xx32-r9wr-whff
Issue Tracking x_refsource_misc
https://github.com/Scratch-Coding-Hut/Scratch-Coding-Hut.github.io/issues/3
Scores
CVSS v4: 5.9
EPSS: 0.0043
EPSS Percentile: 34.5%
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-287
Status: published
Products (1)
Scratch-Coding-Hut/Scratch-Coding-Hut.github.io <= 2025-02-28
Published: Mar 01, 2025
Tracked Since: Feb 18, 2026