Observable Response Discrepancy in Antabot White-Jotter
CVE-2024-13028

6.3 MEDIUM

Key Information:

Vendor: Antabot
CVE Published: 29 December 2024

What is CVE-2024-13028?

A potential issue has been identified in the Antabot White-Jotter application, affecting versions up to 0.2.2. The vulnerability is an observable response discrepancy in the handling of the username parameter in the /login functionality. Manipulating this parameter can lead to information disclosure, giving an attacker further insight into the application's behavior. The attack can be initiated remotely, but its complexity is high, which makes successful exploitation difficult. Organizations running an affected version of Antabot White-Jotter should be aware of this issue.

Affected Version(s)

White-Jotter 0.2.0

White-Jotter 0.2.1

White-Jotter 0.2.2

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

Credit

vastzero (VulDB User)