CVE-2024-8297
CVE-2024-8297 is a medium-severity vulnerability rated 6.9/10 on the CVSS scale. A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. EPSS estimates a 0.53% chance of exploitation in the next 30 days.
Description
A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. The affected function is JwtRefreshAuth in the file middleware/jwt_refresh_token_middleware.go. Manipulation of the Authorization argument leads to improper output neutralization for logs. The attack can be launched remotely. The patch is identified as 81b3336b4c9240f0bf50c13cb8375cf860d945f1. Applying the patch is recommended to fix this issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kitsada8621 | Digital Library Management System | 1.0 |
References
- https://github.com/kitsada8621/Digital-Library-Management-System/issues/1 (Issue Tracking, Product)
- https://vuldb.com/?ctiid.276072 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.276072 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.394613 (Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
