CVE-2022-24860

Опубликовано: 20 апр. 2022

Источник: nvd

CVSS3: 7.4

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP addresses.

Ссылки

https://github.com/vran-dev/databasir/blob/master/core/src/main/java/com/databasir/core/infrastructure/jwt/JwtTokens.java
Exploit
Third Party Advisory
https://github.com/vran-dev/databasir/security/advisories/GHSA-9prp-5jc9-jpgg
Third Party Advisory
https://user-images.githubusercontent.com/75008428/163742517-ecc1c787-1ef6-4df9-bdf2-407b2b31e111.png
Third Party Advisory
https://user-images.githubusercontent.com/75008428/163742566-a69c91e8-db20-4058-8967-1cfe86facc6d.png
Third Party Advisory
https://user-images.githubusercontent.com/75008428/163742596-5c13153a-be8f-4ce3-9681-bc68b5f7e9c5.png
Third Party Advisory
https://github.com/vran-dev/databasir/blob/master/core/src/main/java/com/databasir/core/infrastructure/jwt/JwtTokens.java
Exploit
Third Party Advisory
https://github.com/vran-dev/databasir/security/advisories/GHSA-9prp-5jc9-jpgg
Third Party Advisory
https://user-images.githubusercontent.com/75008428/163742517-ecc1c787-1ef6-4df9-bdf2-407b2b31e111.png
Third Party Advisory
https://user-images.githubusercontent.com/75008428/163742566-a69c91e8-db20-4058-8967-1cfe86facc6d.png
Third Party Advisory
https://user-images.githubusercontent.com/75008428/163742596-5c13153a-be8f-4ce3-9681-bc68b5f7e9c5.png
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:databasir_project:databasir:1.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00342

Низкий

7.4 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-321

CWE-798

EPSS

Процентиль: 56%

0.00342

Низкий

7.4 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-321

CWE-798