Lucene search

Veracode Vulnerability DatabaseVERACODE:43572

HistoryOct 06, 2023 - 12:25 p.m.

Authentication Bypass

2023-10-0612:25:25

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

github

charmbracelet

soft-serve

vulnerability

public key

unauthorized actions

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

58.0%

JSON

github.com/charmbracelet/soft-serve is vulnerable to Authentication Bypass. The vulnerability exists when the public key setting allow-keyless is true which allows an attacker to perform unauthorized actions.

References

github.com/advisories/GHSA-mc97-99j4-vm2v

github.com/charmbracelet/soft-serve/commit/407c4ec72d1006cee1ff8c1775e5bcc091c2bc89

github.com/charmbracelet/soft-serve/issues/389

github.com/charmbracelet/soft-serve/releases/tag/v0.6.2

github.com/charmbracelet/soft-serve/security/advisories/GHSA-mc97-99j4-vm2v

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

58.0%

JSON

Related for VERACODE:43572