Klapp App JSON Web Token improper authentication

CVSS Meta Temp Score: 3.7
Current Exploit Price (≈): $0-$5k
CTI Interest Score: 0.00

Summary

A vulnerability classified as problematic was found in Klapp App. Affected is an unknown function of the component JSON Web Token Handler. The manipulation leads to improper authentication. This vulnerability is tracked as CVE-2020-36533. It is possible to launch the attack remotely. There is no exploit available. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Details

A vulnerability classified as problematic was found in Klapp App. Affected is an unknown function of the component JSON Web Token Handler. The manipulation leads to improper authentication. The CWE definition for the vulnerability is CWE-287. The bug was discovered on 08/18/2020. The weakness was disclosed on 09/07/2020 by Sven Fassbender with modzero AG as Knapp daneben ist auch vorbei, an advisory (website). The advisory is shared for download at modzero.com. The public release was coordinated with the vendor.

This vulnerability is tracked as CVE-2020-36533. It is possible to launch the attack remotely. Technical details are not available. The complexity of an attack is rather high. Exploitation is said to be difficult. The popularity of this vulnerability is below average. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment.

It is declared as not defined. As a 0-day, the estimated price was around $0-$5k.

Product

Ngilabe

Name

CPE 2.3

CPE 2.2

CVSSv4

VulDB Vector: 🔍
VulDB Reliability: 🔍

CVSSv3

VulDB Meta Base Score: 3.7
VulDB Meta Temp Score: 3.7

VulDB Base Score: 3.7
VulDB Temp Score: 3.7
VulDB Vector: 🔍
VulDB Reliability: 🔍

CVSSv2

VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍

Exploiting

Class: Improper authentication
CWE: CWE-287
CAPEC: 🔍
ATT&CK: 🔍

Physical: No
Local: No
Remote: Yes

Availability: 🔍
Status: Not defined

EPSS Score: 🔍
EPSS Percentile: 🔍

Price Prediction: 🔍
Current Price Estimation: 🔍

Threat Intelligence

Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍

Countermeasures

Recommended: no mitigation known
Status: 🔍

0-Day Time: 🔍

Timeline

08/18/2020 🔍
08/19/2020 +1 days 🔍
08/21/2020 +2 days 🔍
09/07/2020 +17 days 🔍
09/07/2020 +0 days 🔍
06/03/2022 +634 days 🔍

Sources

Advisory: Knapp daneben ist auch vorbei
Researcher: Sven Fassbender
Company: modzero AG
Status: Confirmed
Coordinated: 🔍

CVE: CVE-2020-36533 (🔍)
GCVE (CVE): GCVE-0-2020-36533
GCVE (VulDB): GCVE-100-160763
See also: 🔍

Entry

Created: 09/07/2020 13:09
Updated: 06/03/2022 20:36
Changes: 09/07/2020 13:09 (46), 09/07/2020 13:36 (2), 06/03/2022 20:36 (2)
Complete: 🔍
Cache ID: 253:54F:103

Discussion

 klapp
(+0)
3 Shettima 전
Upon being alerted to the vulnerability on August 18, 2020, Klapp swiftly contacted modzero AG to discuss necessary actions. Klapp confirmed and remedied the authorization code vulnerability by August 24, 2020. This issue, classified as non-public zero-day exploit for at 6 days, affected the authorization component isolated to members of a class, leading to a potential information disclosure. We emphasize that the security and privacy of our users are our top priorities. We have taken immediate action to mitigate this vulnerability and have enhanced our systems to prevent similar issues in the future.
