Lucene search

Dapr API token authentication bypass in HTTP endpoints

🗓️ 21 Jul 2023 20:36:17Reported by GoogleType

osv🔗 osv.dev👁 13 Views

Dapr API token authentication bypass impact HTTP endpoints. Fixed in Dapr 1.10.9 and 1.11.2

Reporter	Title	Published	Views	Family All 9
CVE	CVE-2023-37918	21 Jul 202321:15	–	cve
Vulnrichment	CVE-2023-37918 API token authentication bypass in HTTP endpoints in Dapr	21 Jul 202320:08	–	vulnrichment
Github Security Blog	Dapr API token authentication bypass in HTTP endpoints	21 Jul 202320:17	–	github
Prion	Design/Logic Flaw	21 Jul 202321:15	–	prion
NVD	CVE-2023-37918	21 Jul 202321:15	–	nvd
Veracode	Authentication Bypass	25 Jul 202311:10	–	veracode
OSV	CVE-2023-37918	21 Jul 202321:15	–	osv
OSV	GO-2023-1955 Dapr API token authentication bypass in HTTP endpoints in github.com/dapr/dapr	20 Aug 202420:32	–	osv
Cvelist	CVE-2023-37918 API token authentication bypass in HTTP endpoints in Dapr	21 Jul 202320:08	–	cvelist

Source	Link
github	www.github.com/dapr/dapr/security/advisories/GHSA-59m6-82qm-vqgj
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-37918
github	www.github.com/dapr/dapr/commit/83ca1abb11ffe34211db55dcd36d96b94252827a
github	www.github.com/dapr/dapr/commit/99d6799c97b79397443c8c96737c9b893126a1ae
docs	www.docs.dapr.io/operations/security/api-token
github	www.github.com/dapr/dapr

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Jul 2023 20:17Current

7.3High risk

Vulners AI Score7.3

CVSS36.8 - 7.5

EPSS0.00123

SSVC