All the vulnerabilites related to macrozheng - mall
cve-2024-11619
Vulnerability from cvelistv5
Published
2024-11-22 21:00
Modified
2024-11-23 13:28
Severity ?
2.3 (Low) - CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5.0 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.0 (Medium) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.0 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.0 (Medium) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
macrozheng mall JWT Token default key
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.285842 | vdb-entry | |
| https://vuldb.com/?ctiid.285842 | signature, permissions-required | |
| https://vuldb.com/?submit.444666 | third-party-advisory | |
| https://github.com/macrozheng/mall/issues/880 | issue-tracking |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| macrozheng | mall |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11619",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-23T13:21:00.578663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T13:28:21.380Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"JWT Token Handler"
],
"product": "mall",
"vendor": "macrozheng",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "HeddaZhu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipulation leads to use of default cryptographic key. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. Instead the issue posted on GitHub got deleted without any explanation."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in macrozheng mall bis 1.0.3 entdeckt. Dies betrifft einen unbekannten Teil der Komponente JWT Token Handler. Durch das Manipulieren mit unbekannten Daten kann eine use of default cryptographic key-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1394",
"description": "Use of Default Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:00:10.761Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-285842 | macrozheng mall JWT Token default key",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.285842"
},
{
"name": "VDB-285842 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.285842"
},
{
"name": "Submit #444666 | macrozheng(https://github.com/macrozheng) mall(https://github.com/macrozheng/mall) \u003c=1.0.3 Generation of Incorrect Security Tokens",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.444666"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/macrozheng/mall/issues/880"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-22T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-22T14:08:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "macrozheng mall JWT Token default key"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11619",
"datePublished": "2024-11-22T21:00:10.761Z",
"dateReserved": "2024-11-22T13:02:32.666Z",
"dateUpdated": "2024-11-23T13:28:21.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}