Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has a Use of Hard-coded Cryptographic Key vulnerability. An attacker can use the hard-coded key to generate login credentials for any user and log in to the service backend of instances located at different IP addresses.
References
Link | Resource |
---|---|
https://user-images.githubusercontent.com/75008428/163742517-ecc1c787-1ef6-4df9-bdf2-407b2b31e111.png | Third Party Advisory |
https://github.com/vran-dev/databasir/blob/master/core/src/main/java/com/databasir/core/infrastructure/jwt/JwtTokens.java | Exploit Third Party Advisory |
https://user-images.githubusercontent.com/75008428/163742596-5c13153a-be8f-4ce3-9681-bc68b5f7e9c5.png | Third Party Advisory |
https://github.com/vran-dev/databasir/security/advisories/GHSA-9prp-5jc9-jpgg | Third Party Advisory |
https://user-images.githubusercontent.com/75008428/163742566-a69c91e8-db20-4058-8967-1cfe86facc6d.png | Third Party Advisory |
Information
Published : 2022-04-19 17:16
Updated : 2022-04-29 16:44
NVD link : CVE-2022-24860
Mitre link : CVE-2022-24860
CWE
CWE-798
Use of Hard-coded Credentials
Products Affected
databasir_project
- databasir