CVE-2023-27584

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 19, 2024
Updated: Sep 25, 2024
CWE ID 321
CWE ID 798

Summary

CVE-2023-27584 is a critical vulnerability affecting Dragonfly, the open-source P2P file distribution and image acceleration system that is part of the Cloud Native Computing Foundation. Dragonfly verifies users with JWTs, and the secret key for those JWTs is hard-coded, so an attacker can bypass authentication and perform actions with admin privileges. The vulnerability has been assigned a CVSS score of 9.8, indicating a high potential for confidentiality, integrity, and availability impacts. There are no known workarounds, so all users are strongly advised to upgrade to release version 2.0.9. Affected products include various versions identified as yxEO1c through yxDq8N.
