QwikSec

Security Database

CVE

CWE

Training

CVE-2024-8135

Published: Aug 24, 2024

Modified: Aug 26, 2024

PUBLISHED

CVSS v3.1

6.3

MEDIUM

Description

A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue.

Vendor	Product	Versions
Go-Tribe	gotribe	affected `cd3ccd32cd77852c9ea73f986eaf8c301cfb6310`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

VDB-275706 | Go-Tribe gotribe token.go Sign hard-coded credentials

vdb-entry

technical-description

VDB-275706 | CTI Indicators (IOB, IOC, TTP, IOA)

signature

permissions-required

Submit #396310 | Go-Tribe gotribe None Hard-coded Credentials

third-party-advisory

https://github.com/Go-Tribe/gotribe/issues/1

issue-tracking

https://github.com/Go-Tribe/gotribe/issues/1#issuecomment-2307205980

issue-tracking

https://github.com/Go-Tribe/gotribe/commit/4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.