CVE-2024-8135

Name: CVE-2024-8135
Creator: NVD / NIST
Published: 2024-08-24T22:15:13.827+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 0.55%

Last modified Jun 17, 2026

CVE-2024-8135 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. EPSS estimates a 0.55% chance of exploitation in the next 30 days.

Description

A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0

5.3/10

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.55%

41.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-798

Affected Software

Vendor	Product	Versions
Gotribe	Gotribe	< 2024-08-23

References

https://github.com/Go-Tribe/gotribe/commit/4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18fPatch
https://github.com/Go-Tribe/gotribe/issues/1Issue Tracking
https://github.com/Go-Tribe/gotribe/issues/1#issuecomment-2307205980Issue Tracking
https://vuldb.com/?ctiid.275706Permissions Required, VDB Entry
https://vuldb.com/?id.275706Permissions Required, VDB Entry
https://vuldb.com/?submit.396310Third Party Advisory, VDB Entry

Timeline

Published: Aug 24, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-8135?

How severe is CVE-2024-8135?

CVE-2024-8135 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.55% probability of exploitation in the next 30 days.

How do I fix CVE-2024-8135?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-8135?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST