exploitDog

GHSA-w74h-vqm6-c7xv

Опубликовано: 14 авг. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI.

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI.

Ссылки

EPSS

Процентиль: 27%

0.00095

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-200

Связанные уязвимости

CVE-2025-27845

CVSS3: 9.8

nvd

6 месяцев назад

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI.

EPSS

Процентиль: 27%

0.00095

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-200