macrozheng mall JWT Token default key
CVE-2024-11619
5 MEDIUM
Key Information
- Vendor: Macrozheng
- Status
- Mall
- Vendor
- CVE Published: 22 November 2024
Summary
A vulnerability classified as problematic has been found in macrozheng mall up to 1.0.3. It affects some unknown functionality of the JWT Token Handler component. The manipulation leads to the use of a default cryptographic key. The attack complexity is rather high, and exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. Instead, the issue posted on GitHub was deleted without any explanation.
Affected Version(s)
mall = 1.0.0
mall = 1.0.1
mall = 1.0.2
CVSS V3.1
Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Risk change from: null to: 5 - (MEDIUM)
VulDB entry last update
Vulnerability Reserved.
VulDB entry created
Advisory disclosed
Vulnerability published.
Collectors
NVD Database
Mitre Database
Credit
HeddaZhu (VulDB User)