Server-side User JWT Token Verification Vulnerability Affects CMSaaSStarter Forks
CVE-2024-34354

6.5MEDIUM

Key Information:

Vendor
Criticalmoments
Status
Cmsaasstarter
Vendor
CVE Published:
14 May 2024

Summary

CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 into your fork.

Affected Version(s)

CMSaasStarter < 7904d416d2c72ec75f42fbf51e9e64fa74062ee6

References

https://github.com/CriticalMoments/CMSaasStarter/security...
x_refsource_CONFIRM
https://github.com/CriticalMoments/CMSaasStarter/pull/65
x_refsource_MISC
https://github.com/CriticalMoments/CMSaasStarter/commit/7...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.