Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2024/03/13 6:18 p.m.10 views

CVE-2024-28194 Authentication Bypass Because of Hardcoded JWT Secret in your_spotify

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions 1.8.0 use a hardcoded JSON Web Token JWT secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows...

9.1CVSS9.3AI score0.00823EPSS
Exploits1References1
Prion
Prion
added 2022/05/20 3:15 p.m.23 views

Cross site request forgery (csrf)

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, includin...

9.3CVSS9.6AI score0.01947EPSS
Exploits0References4Affected Software1
SonarSource Blog
SonarSource Blog
added 2022/02/16 12:0 a.m.163 views

Zabbix - A Case Study of Unsafe Session Storage

Introduction Zabbix is a very popular open-source monitoring platform used to collect, centralize and track metrics like CPU load and network traffic across entire infrastructures. It is very similar to solutions like Pandora FMS and Nagios. Because of its popularity, features and its privileged...

6.5CVSS0.2AI score0.95683EPSS
Exploits11
GithubExploit
GithubExploit
added 2021/11/17 8:33 a.m.281 views

Exploit for Improper Authentication in Apache Shenyu

Apache ShenYu Admin has a vulnerability that allows for authenti...

9.8CVSS7.2AI score0.40058EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2021/03/09 11:54 p.m.43 views

CVE-2021-21378

An authentication bypass vulnerability was found in envoyproxy/envoy. When specifying a JSON Web Token JWT authentication filter, if allowmissing is also used, this flaw allows an attacker to craft a request with a JWT token with an incorrect issuer bypassing the filter. The highest threat from...

8.2CVSS3.5AI score0.0171EPSS
Exploits0References5
Prion
Prion
added 2017/06/13 6:29 a.m.16 views

Input validation

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...

7.5CVSS9.2AI score0.02129EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/06/13 6:29 a.m.23 views

CVE-2017-2773

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...

9.8CVSS9.4AI score0.02129EPSS
Exploits0References2
Rows per page
Query Builder