CVE-2023-36649
Last modified
CVE-2023-36649 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication.. EPSS estimates a 0.88% chance of exploitation in the next 30 days.
Description
Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Prolion | Cryptospike | 3.0.15 | P2 |
References
- https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36649Exploit, Third Party Advisory
- https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36649Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-36649?
How severe is CVE-2023-36649?
How do I fix CVE-2023-36649?
Are you affected by CVE-2023-36649?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST