CVE-2024-8135

A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue.

CVSS v3 9.8 CRITICAL
CVSS v2.0 5.8 MEDIUM

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 6.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/Go-Tribe/gotribe/commit/4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f	Patch
https://github.com/Go-Tribe/gotribe/issues/1	Issue Tracking
https://github.com/Go-Tribe/gotribe/issues/1#issuecomment-2307205980	Issue Tracking
https://vuldb.com/?ctiid.275706	Permissions Required VDB Entry
https://vuldb.com/?id.275706	Permissions Required VDB Entry
https://vuldb.com/?submit.396310	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:gotribe:gotribe:*:*:*:*:*:*:*:*

History

27 Aug 2024, 15:41

Type	Values Removed	Values Added
CVSS	v2 : ~~5.8~~ v3 : ~~6.3~~	v2 : 5.8 v3 : 9.8
First Time		Gotribe Gotribe gotribe
References	~~() https://github.com/Go-Tribe/gotribe/commit/4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f -~~	() https://github.com/Go-Tribe/gotribe/commit/4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f - Patch
References	~~() https://github.com/Go-Tribe/gotribe/issues/1 -~~	() https://github.com/Go-Tribe/gotribe/issues/1 - Issue Tracking
References	~~() https://github.com/Go-Tribe/gotribe/issues/1#issuecomment-2307205980 -~~	() https://github.com/Go-Tribe/gotribe/issues/1#issuecomment-2307205980 - Issue Tracking
References	~~() https://vuldb.com/?ctiid.275706 -~~	() https://vuldb.com/?ctiid.275706 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.275706 -~~	() https://vuldb.com/?id.275706 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?submit.396310 -~~	() https://vuldb.com/?submit.396310 - Third Party Advisory, VDB Entry
CPE		cpe:2.3:a:gotribe:gotribe::::::::

26 Aug 2024, 12:47

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad fue encontrada en Go-Tribe gotribe hasta cd3ccd32cd77852c9ea73f986eaf8c301cfb6310 y clasificada como crítica. La función Sign del fichero pkg/token/token.go es afectada por la vulnerabilidad. La manipulación del argumento config.key conduce a credenciales codificadas. Este producto utiliza entrega continua con lanzamientos continuos. Por lo tanto, no hay detalles de las versiones afectadas ni actualizadas disponibles. El parche se identifica como 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. Se recomienda aplicar un parche para solucionar este problema.

24 Aug 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-24 22:15

Updated : 2024-08-27 15:41

NVD link : CVE-2024-8135

Mitre link : CVE-2024-8135

CVE.ORG link : CVE-2024-8135

JSON object : View

Products Affected

gotribe

gotribe

CWE

CWE-798

Use of Hard-coded Credentials

9.8 /10