exploitDog

CVE-2023-36647

Опубликовано: 12 дек. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.

Ссылки

https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36647
Exploit
Third Party Advisory
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36647
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00073

Низкий

7.5 High

CVSS3

Дефекты

CWE-798

Связанные уязвимости

GHSA-8vmp-8f6c-x5hr

CVSS3: 7.5

github

около 2 лет назад

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.

EPSS

Процентиль: 22%

0.00073

Низкий

7.5 High

CVSS3

Дефекты

CWE-798