Lucene search

CVE-2024-34706

🗓️ 14 May 2024 15:29:39Reported by GitHub_MType

Security issue in Valtimo platform. Exposure of user access token allows retrieval of personal information and execution of requests via misconfigured Form.io component.

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
Veracode	JWT Exposure	14 May 202404:32	–	veracode
NVD	CVE-2024-34706	14 May 202415:39	–	nvd
OSV	GHSA-XCP4-62VJ-CQ3R @valtimo/components exposes access token to form.io	13 May 202416:04	–	osv
OSV	CVE-2024-34706	14 May 202415:39	–	osv
RedhatCVE	CVE-2024-34706	5 Feb 202511:20	–	redhatcve
Cvelist	CVE-2024-34706 @valtimo/components exposes access token to form.io	13 May 202416:02	–	cvelist
Vulnrichment	CVE-2024-34706 @valtimo/components exposes access token to form.io	13 May 202416:02	–	vulnrichment
Github Security Blog	@valtimo/components exposes access token to form.io	13 May 202416:04	–	github

Vulners

Vulnrichment

Node

valtimo-platform valtimo_frontend_librariesRange<10.8.4

valtimo-platform valtimo_frontend_librariesRange11.0.0–11.1.6

valtimo-platform valtimo_frontend_librariesRange11.2.0–11.2.2

[
  {
    "vendor": "valtimo-platform",
    "product": "valtimo-frontend-libraries",
    "versions": [
      {
        "version": "< 10.8.4",
        "status": "affected"
      },
      {
        "version": ">= 11.0.0, < 11.1.6",
        "status": "affected"
      },
      {
        "version": ">= 11.2.0, < 11.2.2",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/valtimo-platform/valtimo-frontend-libraries/commit/d65e05fd2784bd4a628778b34a5b79ce2f0cef8c
github	www.github.com/valtimo-platform/valtimo-frontend-libraries/commit/1aaba5ef5750dafebbc7476fb08bf2375a25f19e
github	www.github.com/valtimo-platform/valtimo-frontend-libraries/commit/8c2dbf2a41180d2b0358d878290e4d37168f0fb6
github	www.github.com/valtimo-platform/valtimo-frontend-libraries/security/advisories/GHSA-xcp4-62vj-cq3r

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 May 2024 15:39Current

6.6Medium risk

Vulners AI Score6.6

CVSS39.8

EPSS0.00412

SSVC

CWE-532