5 matches found
CVE-2024-42165
FIWARE Keyrock crypto issue: activation tokens are generated from insufficiently random values in Keyrock ≤ 8.4, enabling an attacker to predict activation tokens and activate arbitrary user accounts. Several connected sources (Red Hat, CNVD/CNNVD mirrors, OSV, CVE records) corroborate the vulner...
CVE-2024-42164
CVE-2024-42164 affects FIWARE Keyrock versions
CVE-2024-42163
CVE-2024-42163 affects FIWARE Keyrock up to version 8.4. The root cause is insufficiently random values used to generate password reset tokens, enabling an attacker to predict a token and seize a user’s account. Affected component: Keyrock password reset flow; vulnerable until patch/version that ...
CVE-2024-42166
The CVE-2024-42166 entry concerns FIWARE Keyrock 8.4 and earlier, where generate_app_certificates in lib/app_certificates.js fails to neutralize OS command elements. This enables an authenticated user with permissions to create applications to execute arbitrary commands by supplying a malicious a...
CVE-2024-42167
The CVE-2024-42167 entry concerns FIWARE Keyrock (