Description
A flaw was found in the handling of JWT tokens. A self-signed JWT token could be injected into the update manager to bypass the authentication process, which could allow privilege escalation. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:starwind:command_center:6864:*:*:*:*:*:*:*
cpe:2.3:a:starwind:san\&nas:1578:*:*:*:*:*:*:*
EPSS: 0.006 (Low), percentile: 69%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-287
Related vulnerabilities
CVSS3: 9.8
github
about 4 years ago
StarWind SAN & NAS build 1578 and StarWind Command Center Build 6864 Update Manager allows authentication with a JWT token which is signed with any key. An attacker could use a self-signed JWT token to bypass authentication, resulting in escalation of privileges.