Lucene search

Veracode Vulnerability DatabaseVERACODE:43912

HistoryOct 20, 2023 - 6:12 a.m.

Information Disclosure

2023-10-2006:12:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

bunkum

vulnerability

http request

token

authentication

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

bunkum is vulnerable to Information Disclosure. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Bunkum application. This request would cause the application to release a token from its cache, and then immediately reuse the token. The attacker could then use the released token to authenticate to the application and gain access to sensitive information.

CPENameOperatorVersion
bunkumle4.2.0
bunkumle4.2.0

CPE	Name	Operator	Version
	bunkum	le	4.2.0
	bunkum	le	4.2.0

References

github.com/advisories/GHSA-jrf2-h5j6-3rrq

github.com/LittleBigRefresh/Bunkum/commit/6e109464ed9255f558182f001f475a378405ff76

github.com/LittleBigRefresh/Bunkum/security/advisories/GHSA-jrf2-h5j6-3rrq

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for VERACODE:43912