Lucene search
Veracode Vulnerability DatabaseVERACODE:48241HistoryJul 26, 2024 - 2:40 p.m.
Improper Restriction Of Security Token Assignment
2024-07-2614:40:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
vulnerability
jwt key
configuration file
bypass
login verification
backend access
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6.8
Confidence
High
github.com/KubeOperator/kubepi is vulnerable to Improper Restriction of Security Token Assignment. The vulnerability is due to an empty JWT key in the default configuration file, which allows for a bypass of the login verification and direct backend access.
Related
nvd
nvd
CVE-2024-36111
2024-07-25 14:15:12
vulnrichment
vulnrichment
CVE-2024-36111 KubePi's JWT token validation has a defect
2024-07-25 13:26:13
cvelist
cvelist
CVE-2024-36111 KubePi's JWT token validation has a defect
2024-07-25 13:26:13
cve
cve
CVE-2024-36111
2024-07-25 14:15:12
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6.8
Confidence
High
Related for VERACODE:48241