Lucene search

GitHub Advisory DatabaseGHSA-3J2F-58RQ-G6P7

HistoryOct 25, 2023 - 6:32 p.m.

Sureness uses hardcoded key

2023-10-2518:32:21

CWE-798

GitHub Advisory Database

github.com

dromara sureness

hardcoded key

security vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.4%

JSON

Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.

Affected configurations

Vulners

Node

com.usthe.sureness\surenessMatchcore

VendorProductVersionCPE
com.usthe.sureness\surenesscorecpe:2.3:a:com.usthe.sureness\:sureness:core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
com.usthe.sureness\	sureness	core	cpe:2.3:a:com.usthe.sureness\:sureness:core::::::::

References

github.com/advisories/GHSA-3j2f-58rq-g6p7

github.com/dromara/sureness/commit/12987a72cbf1eabbca1e308ed1fe9445958aeca7

github.com/dromara/sureness/issues/164

github.com/xubowenW/JWTissues/blob/main/sureness%20secure%20issues.md

nvd.nist.gov/vuln/detail/CVE-2023-31581

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.4%

JSON

Related for GHSA-3J2F-58RQ-G6P7