Lucene search
Veracode Vulnerability DatabaseVERACODE:48283HistoryJul 31, 2024 - 8:55 a.m.
Authentication Bypass By Spoofing
2024-07-3108:55:12
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
apache seatunnel
authentication bypass
spoofing
jwt key
application security
user log-in
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
6.7
Confidence
High
Apache SeaTunnel is vulnerable to Authentication Bypass by Spoofing. The vulnerability is due to a hardcoded JWT key in the application, allowing an attacker to forge any token to log in as any user.
Related
osv
osv
Apache SeaTunnel Web Authentication vulnerability
2024-07-30 09:32:05
nvd
nvd
CVE-2023-48396
2024-07-30 09:15:02
vulnrichment
vulnrichment
CVE-2023-48396 Apache SeaTunnel Web: Authentication bypass
2024-07-30 08:15:33
cvelist
cvelist
CVE-2023-48396 Apache SeaTunnel Web: Authentication bypass
2024-07-30 08:15:33
github
github
Apache SeaTunnel Web Authentication vulnerability
2024-07-30 09:32:05
cve
cve
CVE-2023-48396
2024-07-30 09:15:02
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
6.7
Confidence
High
Related for VERACODE:48283