Описание
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI.
EPSS
Процентиль: 25%
0.00086
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 9.8
github
6 месяцев назад
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI.
EPSS
Процентиль: 25%
0.00086
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-200