Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by kitsada8621
CVE-2024-8297 (GCVE-0-2024-8297)
Vulnerability from cvelistv5 – Published: 2024-08-29 12:31 – Updated: 2024-08-29 13:11
VLAI
Title
kitsada8621 Digital Library Management System jwt_refresh_token_middleware.go JwtRefreshAuth neutralization for logs
Summary
A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralization for logs. It is possible to launch the attack remotely. The name of the patch is 81b3336b4c9240f0bf50c13cb8375cf860d945f1. It is recommended to apply a patch to fix this issue.
Severity
5.3 (Medium)
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.276072 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.276072 | signaturepermissions-required |
| https://vuldb.com/?submit.394613 | third-party-advisory |
| https://github.com/kitsada8621/Digital-Library-Ma… | issue-tracking |
| https://github.com/kitsada8621/Digital-Library-Ma… | patch |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| kitsada8621 | Digital Library Management System |
Affected:
1.0
|
|
| kitsada8621 | digital_library_management_system |
Affected:
1.0
cpe:2.3:a:kitsada8621:digital_library_management_system:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kitsada8621:digital_library_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "digital_library_management_system",
"vendor": "kitsada8621",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T13:07:33.496347Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T13:11:08.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Digital Library Management System",
"vendor": "kitsada8621",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zihe (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralization for logs. It is possible to launch the attack remotely. The name of the patch is 81b3336b4c9240f0bf50c13cb8375cf860d945f1. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in kitsada8621 Digital Library Management System 1.0 ausgemacht. Es geht dabei um die Funktion JwtRefreshAuth der Datei middleware/jwt_refresh_token_middleware.go. Mittels dem Manipulieren des Arguments Authorization mit unbekannten Daten kann eine improper output neutralization for logs-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 81b3336b4c9240f0bf50c13cb8375cf860d945f1 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T12:31:11.351Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-276072 | kitsada8621 Digital Library Management System jwt_refresh_token_middleware.go JwtRefreshAuth neutralization for logs",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.276072"
},
{
"name": "VDB-276072 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.276072"
},
{
"name": "Submit #394613 | kitsada8621 Digital-Library-Management-System 1.0 Improper Output Neutralization for Logs",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.394613"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kitsada8621/Digital-Library-Management-System/issues/1"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kitsada8621/Digital-Library-Management-System/commit/81b3336b4c9240f0bf50c13cb8375cf860d945f1"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-29T08:06:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "kitsada8621 Digital Library Management System jwt_refresh_token_middleware.go JwtRefreshAuth neutralization for logs"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8297",
"datePublished": "2024-08-29T12:31:11.351Z",
"dateReserved": "2024-08-29T06:01:30.392Z",
"dateUpdated": "2024-08-29T13:11:08.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}