Lucene search
Veracode Vulnerability DatabaseVERACODE:47507HistoryJun 13, 2024 - 5:43 a.m.
Improper Authentication
2024-06-1305:43:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
authentication
json web token
submarineconfvars
org.apache.submarine:submarine-commons-utils is vulnerable to Improper Authentication. The vulnerability is caused by a hard-coded JSON Web Token (JWT) key (SUBMARINE_SECRET_12345678901234567890) within SubmarineConfVars.java, which allows attackers to generate unauthorized JWT tokens, bypass authentication, and potentially gain access to sensitive data and functionality.
| CPE | Name | Operator | Version |
|---|---|---|---|
| submarine: commons utils | le | 0.8.0 | |
| submarine: commons utils | le | 0.8.0 |
References
www.openwall.com/lists/oss-security/2024/06/12/2
github.com/advisories/GHSA-jwcg-wv5x-vg3g
github.com/apache/submarine/commit/7a1d551798c6785fc68fe028fc46f74c3ee6976d
github.com/apache/submarine/pull/1125
issues.apache.org/jira/browse/SUBMARINE-1417
lists.apache.org/thread/7mo0c7vbhpo8thvybl8wwvb0bccrg7r4
Related
osv
osv
Apache Submarine Commons Utils has a hard-coded secret
2024-06-12 15:31:44
vulnrichment
vulnrichment
CVE-2024-36264 Apache Submarine Commons Utils: default secret
2024-06-12 14:06:31
cve
cve
CVE-2024-36264
2024-06-12 14:15:11
nvd
nvd
CVE-2024-36264
2024-06-12 14:15:11
cvelist
cvelist
CVE-2024-36264 Apache Submarine Commons Utils: default secret
2024-06-12 14:06:31
github
github
Apache Submarine Commons Utils has a hard-coded secret
2024-06-12 15:31:44