CVE-2024-8297

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 29, 2024
Updated: Aug 30, 2024
CWE ID 116
CWE ID 117

Summary

CVE-2024-8297 identifies a vulnerability in the kitsada8621 Digital Library Management System version 1.0, specifically in the JwtRefreshAuth function within the middleware/jwt_refresh_token_middleware.go file. This issue arises from improper output neutralization for logs due to manipulation of the Authorization argument, allowing remote attacks with potential high integrity impact. To remediate this vulnerability, it is essential to apply the patch identified by commit hash 81b3336b4c9240f0bf50c13cb8375cf860d945f1. The vulnerability has a base severity rating of HIGH, with a score of 7.5 on the CVSS scale, indicating that it requires no authentication or user interaction for exploitation. Organizations using this system are at risk as attackers could exploit this flaw remotely without needing additional privileges.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share