VDB-160763 · CVE-2020-36533 · GCVE-100-160763

Klapp App JSON Web Token karkar ndiyamga taƙa

Hakika vulnerability da aka rarraba a matsayin karshewa an gano a Klapp App. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil $software_file, a cikin sashi JSON Web Token Handler. Wuro manipulation ga karkar ndiyamga taƙa. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-287. An gano kuskuren nan 08/18/2020. Lalle, rauni an sanar da shi 09/07/2020 daga Sven Fassbender tare da modzero AG da Knapp daneben ist auch vorbei da Gargaaji (Webseite). Ana samun bayanin tsaro don saukewa a modzero.com. Public release vendor an kaɗi an kaɗi. Ana kiran wannan rauni da CVE-2020-36533. Ngam yiɗi ka a tuma ndiyam ka nder waya. Bayani na fasaha ba ga. Babu wani exploit da ake da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á yí a wondi feere. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

3 Goyarwa · 50 Datenpunkte

Furɗe	Súgá 09/07/2020 13:09	Gargadi 1/2 09/07/2020 13:36	Gargadi 2/2 06/03/2022 20:36
software_vendor	Klapp	Klapp	Klapp
software_name	App	App	App
software_component	JSON Web Token Handler	JSON Web Token Handler	JSON Web Token Handler
vulnerability_discoverydate	1597708800 (08/18/2020)	1597708800 (08/18/2020)	1597708800 (08/18/2020)
vulnerability_vendorinformdate	1597795200 (08/19/2020)	1597795200 (08/19/2020)	1597795200 (08/19/2020)
vulnerability_risk	1	1	1
vulnerability_historic	0	0	0
cvss2_vuldb_basescore	2.6	2.6	2.6
cvss2_vuldb_tempscore	2.6	2.6	2.6
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	H	H	H
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	N	N	N
cvss3_meta_basescore	3.7	3.7	3.7
cvss3_meta_tempscore	3.7	3.7	3.7
cvss3_vuldb_basescore	3.7	3.7	3.7
cvss3_vuldb_tempscore	3.7	3.7	3.7
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	H	H	H
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	N	N	N
advisory_date	1599436800 (09/07/2020)	1599436800 (09/07/2020)	1599436800 (09/07/2020)
advisory_location	Website	Website	Website
advisory_type	Advisory	Advisory	Advisory
advisory_url	https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html	https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html	https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html
advisory_identifier	Knapp daneben ist auch vorbei	Knapp daneben ist auch vorbei	Knapp daneben ist auch vorbei
advisory_coordination	1	1	1
person_name	Sven Fassbender	Sven Fassbender	Sven Fassbender
company_name	modzero AG	modzero AG	modzero AG
advisory_reaction_date	1597968000 (08/21/2020)	1597968000 (08/21/2020)	1597968000 (08/21/2020)
advisory_disputed	0	0	0
price_0day	$0-$5k	$0-$5k	$0-$5k
source_seealso	160762	160762	160762
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	U	U	U
cvss2_vuldb_rc	C	C	C
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	U	U	U
cvss3_vuldb_rc	C	C	C
0day_days	20	20	20
advisory_falsepositive		0	0
vulnerability_cwe		CWE-287 (karkar ndiyamga taƙa)	CWE-287 (karkar ndiyamga taƙa)
source_cve			CVE-2020-36533
cna_responsible			VulDB

◂ Gurɗo Gumti Gada ▸

Do you know our Splunk app?

Download it now for free!