QwikSec

Security Database

CVE

CWE

Training

CVE-2024-8005

Published: Aug 20, 2024

Modified: Aug 20, 2024

PUBLISHED

CVSS v3.1

7.3

HIGH

Description

A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.2 is able to address this issue. The patch is named be702ada7cb6fdabc02689d90b38139c827458a5. It is recommended to upgrade the affected component.

Vendor	Product	Versions
demozx	gf_cms	affected `1.0` affected `1.0.1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

VDB-275199 | demozx gf_cms JWT Authentication auth.go init hard-coded credentials

vdb-entry

technical-description

VDB-275199 | CTI Indicators (IOB, IOC, TTP, IOA)

signature

permissions-required

Submit #393981 | demozx gf_cms None Hard-coded Credentials

third-party-advisory

https://github.com/demozx/gf_cms/issues/5

exploit

issue-tracking

https://github.com/demozx/gf_cms/issues/5#issuecomment-2296590417

issue-tracking

https://github.com/demozx/gf_cms/commit/be702ada7cb6fdabc02689d90b38139c827458a5

patch

https://github.com/demozx/gf_cms/commit/de51cc57a96ccca905c837ef925c2cc3a5241383

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.