Vulnerability in Go-Tribe's gotribe Affects Token Generation
CVE-2024-8135

9.8 CRITICAL

Key Information:

Vendor
Go-tribe
Status
Gotribe
Vendor
CVE Published: 24 August 2024

Summary

A severe vulnerability has been identified in Go-Tribe's gotribe application, in the Sign function of the file token.go. Manipulation of the config.key argument can lead to hard-coded credentials, which compromises the security of the application. The product uses continuous delivery with rolling releases, so specific version details may not always be available. A patch addressing this vulnerability has been issued with the identifier 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f, and users are strongly advised to apply it promptly. For further technical details and updates, refer to the appropriate issue tracking and advisory documentation.

Affected Version(s)

gotribe cd3ccd32cd77852c9ea73f986eaf8c301cfb6310

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database

Credit

zihe (VulDB User)