exploitDog

GHSA-2352-52mf-hwj3

Опубликовано: 16 фев. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 8.6

Описание

Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.

Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.

Ссылки

EPSS

Процентиль: 10%

0.00038

Низкий

8.6 High

CVSS3

CVE ID

Дефекты

CWE-1394

CWE-287

Связанные уязвимости

CVE-2023-6451

CVSS3: 8.6

nvd

больше 1 года назад

Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.

EPSS

Процентиль: 10%

0.00038

Низкий

8.6 High

CVSS3

CVE ID

Дефекты

CWE-1394

CWE-287