Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP addresses.
References
Configurations
History
21 Nov 2024, 06:51
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 7.4 |
References | () https://github.com/vran-dev/databasir/blob/master/core/src/main/java/com/databasir/core/infrastructure/jwt/JwtTokens.java - Exploit, Third Party Advisory | |
References | () https://github.com/vran-dev/databasir/security/advisories/GHSA-9prp-5jc9-jpgg - Third Party Advisory | |
References | () https://user-images.githubusercontent.com/75008428/163742517-ecc1c787-1ef6-4df9-bdf2-407b2b31e111.png - Third Party Advisory | |
References | () https://user-images.githubusercontent.com/75008428/163742566-a69c91e8-db20-4058-8967-1cfe86facc6d.png - Third Party Advisory | |
References | () https://user-images.githubusercontent.com/75008428/163742596-5c13153a-be8f-4ce3-9681-bc68b5f7e9c5.png - Third Party Advisory |
Information
Published : 2022-04-20 00:16
Updated : 2024-11-21 06:51
NVD link : CVE-2022-24860
Mitre link : CVE-2022-24860
CVE.ORG link : CVE-2022-24860
JSON object : View
Products Affected
databasir_project
- databasir