CVE-2024-8135

A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue.

CVSS v3 6.3 MEDIUM
CVSS v2.0 5.8 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 6.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/Go-Tribe/gotribe/commit/4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f	Patch
https://github.com/Go-Tribe/gotribe/issues/1	Issue Tracking
https://github.com/Go-Tribe/gotribe/issues/1#issuecomment-2307205980	Issue Tracking
https://vuldb.com/?ctiid.275706	Permissions Required VDB Entry
https://vuldb.com/?id.275706	Permissions Required VDB Entry
https://vuldb.com/?submit.396310	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:gotribe:gotribe:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-08-24 22:15

Updated : 2024-08-27 15:41

NVD link : CVE-2024-8135

Mitre link : CVE-2024-8135

CVE.ORG link : CVE-2024-8135

JSON object : View

Products Affected

gotribe

gotribe

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2024-8135", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.3, "automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-08-24T22:15:13.827", "references": [{"url": "https://github.com/Go-Tribe/gotribe/commit/4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f", "tags": ["Patch"], "source": "cna@vuldb.com"}, {"url": "https://github.com/Go-Tribe/gotribe/issues/1", "tags": ["Issue Tracking"], "source": "cna@vuldb.com"}, {"url": "https://github.com/Go-Tribe/gotribe/issues/1#issuecomment-2307205980", "tags": ["Issue Tracking"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.275706", "tags": ["Permissions Required", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.275706", "tags": ["Permissions Required", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.396310", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en Go-Tribe gotribe hasta cd3ccd32cd77852c9ea73f986eaf8c301cfb6310 y clasificada como cr\u00edtica. La funci\u00f3n Sign del fichero pkg/token/token.go es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento config.key conduce a credenciales codificadas. Este producto utiliza entrega continua con lanzamientos continuos. Por lo tanto, no hay detalles de las versiones afectadas ni actualizadas disponibles. El parche se identifica como 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. Se recomienda aplicar un parche para solucionar este problema."}], "lastModified": "2024-08-27T15:41:47.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gotribe:gotribe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F46A939-AF95-4372-9A2A-CBC91D96B52A", "versionEndExcluding": "2024-08-23"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}