A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-01-04T15:40:34

Updated: 2024-08-04T04:39:20.701Z

Reserved: 2021-12-20T00:00:00

Link: CVE-2021-45389

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-04T16:15:09.727

Modified: 2024-11-21T06:32:09.183

Link: CVE-2021-45389

cve-icon Redhat

No data.