exploitDog

CVE-2023-36649

Published: 12 Dec 2023
Source: nvd
CVSS3: 9.1
EPSS: Low

Description

Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Grafana authenticated user) or from the Loki REST API without authentication.

Vulnerable configurations

Configuration 1
cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*

EPSS

Percentile: 29%
0.00103
Low

9.1 Critical

CVSS3

Weaknesses

CWE-532

Related vulnerabilities

CVSS3: 9.1
github
about 2 years ago

Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Grafana authenticated user) or from the Loki REST API without authentication.
