Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token (JWT), an attacker could compromise another instance of Izanami. This issue has been patched in version 1.11.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-01-14T00:47:28.134Z

Updated: 2024-08-02T10:13:48.490Z

Reserved: 2022-12-29T17:41:28.090Z

Link: CVE-2023-22495

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-01-14T01:15:15.300

Modified: 2024-11-21T07:44:55.390

Link: CVE-2023-22495

cve-icon Redhat

No data.