Improper API Key Generation in Cerebrate by Cerebrate Project
CVE-2023-26468

9.1 CRITICAL

Key Information:

CVE Published: 24 February 2023

What is CVE-2023-26468?

Cerebrate version 1.12 has a security flaw in its API key generation process. Specifically, the system fails to adequately validate the organization_id when a key is generated, which could lead to unauthorized access and various security issues. Proper validation of organization identifiers is crucial to prevent potential breaches. Developers are encouraged to apply necessary updates and monitor for further security enhancements.

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
