Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP addresses.
References
Link | Resource |
---|---|
https://github.com/vran-dev/databasir/blob/master/core/src/main/java/com/databasir/core/infrastructure/jwt/JwtTokens.java | Exploit Third Party Advisory |
https://github.com/vran-dev/databasir/security/advisories/GHSA-9prp-5jc9-jpgg | Third Party Advisory |
https://user-images.githubusercontent.com/75008428/163742517-ecc1c787-1ef6-4df9-bdf2-407b2b31e111.png | Third Party Advisory |
https://user-images.githubusercontent.com/75008428/163742566-a69c91e8-db20-4058-8967-1cfe86facc6d.png | Third Party Advisory |
https://user-images.githubusercontent.com/75008428/163742596-5c13153a-be8f-4ce3-9681-bc68b5f7e9c5.png | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2022-04-20 00:16
Updated : 2024-02-28 19:09
NVD link : CVE-2022-24860
Mitre link : CVE-2022-24860
CVE.ORG link : CVE-2022-24860
JSON object : View
Products Affected
databasir_project
- databasir