macrozheng mall JWT Token default key
CVE-2024-11619

Score: 5 (MEDIUM)

Key Information:

Vendor: Macrozheng
Status: Vendor
CVE Published: 22 November 2024

What is CVE-2024-11619?

A vulnerability has been identified in the Macrozheng Mall application, affecting the JWT Token Handler component. It stems from the use of a default cryptographic key: a signing key that ships with the software and is the same in every deployment, so anyone who knows it can produce tokens the application accepts, undermining the integrity of its security tokens. The attack complexity is rated high, meaning a successful exploit requires conditions that are not trivially met. The vendor was notified early and did not respond, and the related discussion on GitHub was subsequently removed without explanation, which raises concerns about transparency and user awareness.
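The defensive counterpart to this class of bug is a startup check that refuses a shipped default (or too-short) HS256 secret, plus a way to tell whether tokens are still being minted under that default. The code below is an added example written for this page, not code from the mall project; the value of DEFAULT_SECRET is a constructed placeholder, not the key the affected versions use, and the minimal HS256 signer exists only so the check can be exercised offline.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed placeholder standing in for whatever default the shipped
# configuration contains; not the real value from any mall release.
DEFAULT_SECRET = "CHANGE-ME-placeholder-default"
MIN_SECRET_BYTES = 32  # HS256 keys should be at least 256 bits


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign_hs256(claims: dict, secret: str) -> str:
    """Minimal HS256 JWT signer, used here only to produce test tokens."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def secret_is_acceptable(secret: str) -> bool:
    """Startup check: reject the shipped default and anything shorter than 256 bits."""
    if hmac.compare_digest(secret.encode(), DEFAULT_SECRET.encode()):
        return False
    return len(secret.encode()) >= MIN_SECRET_BYTES


def signed_with_default(token: str) -> bool:
    """Audit check: does a token the app issued verify under the known default key?
    Run over tokens the deployment hands out to confirm the default is gone."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:  # not a three-part JWT at all
        return False
    signing_input = f"{header}.{payload}".encode()
    expected = hmac.new(DEFAULT_SECRET.encode(), signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(_b64url(expected).encode(), sig.encode())


def generate_secret() -> str:
    """A per-deployment secret of 48 random bytes, base64url encoded."""
    return secrets.token_urlsafe(48)
```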

Affected Version(s)

mall 1.0.0

mall 1.0.1

mall 1.0.2

References

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

HeddaZhu (VulDB User)