Deserialization Vulnerability in Go-Tribe gotribe-admin 1.0 Must Be Patched
CVE-2024-8003

9.8CRITICAL

Key Information:

Vendor: Go-tribe
Status: Gotribe-admin
Vendor: CVE Published:; 20 August 2024

What is CVE-2024-8003?

A vulnerability exists in Go-Tribe's gotribe-admin product, specifically within the InitRoutes function located in the internal/app/routes/routes.go file. This flaw involves improper handling of log information, which can result in deserialization problems. To mitigate this issue, it is crucial to implement the recommended security patch identified as 45ac90d6d1f82716f77dbcdf8e7309c229080e3c. Failure to address this vulnerability may expose the system to potential security risks.

Affected Version(s)

gotribe-admin 1.0

References

https://vuldb.com/?id.275198

vdb-entrytechnical-description

https://vuldb.com/?ctiid.275198

signaturepermissions-required

https://vuldb.com/?submit.393987

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2024
Vulnerability Reserved
Aug 20, 2024

Credit

zihe (VulDB User)

Go-tribe

What is CVE-2024-8003?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit