← Retour aux CVEs

CVE-2023-22495

CRITICAL

9.8

Description

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token (JWT), an attacker could compromise another instance of Izanami. This issue has been patched in version 1.11.0.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie1/14/2023

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

maif:izanami

Faiblesses (CWE)

CWE-288CWE-798

References

https://github.com/MAIF/izanami/releases/tag/v1.11.0(security-advisories@github.com)

https://github.com/MAIF/izanami/security/advisories/GHSA-9r7j-m337-792c(security-advisories@github.com)

https://github.com/MAIF/izanami/releases/tag/v1.11.0(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/MAIF/izanami/security/advisories/GHSA-9r7j-m337-792c(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.