A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continuous delivery with rolling releases is used by this product. Therefore, no version details for affected or updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue.
History

Tue, 27 Aug 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Gotribe
Gotribe gotribe
CPEs cpe:2.3:a:gotribe:gotribe:*:*:*:*:*:*:*:*
Vendors & Products Gotribe
Gotribe gotribe

Mon, 26 Aug 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 24 Aug 2024 21:45:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continuous delivery with rolling releases is used by this product. Therefore, no version details for affected or updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue.
Title Go-Tribe gotribe token.go Sign hard-coded credentials
Weaknesses CWE-798
References
Metrics cvssV2_0

{'score': 5.8, 'vector': 'AV:A/AC:L/Au:N/C:P/I:P/A:P'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-08-24T21:31:04.333Z

Updated: 2024-08-26T17:29:08.496Z

Reserved: 2024-08-23T18:33:29.992Z

Link: CVE-2024-8135

Vulnrichment

Updated: 2024-08-26T17:28:45.716Z

NVD

Status: Analyzed

Published: 2024-08-24T22:15:13.827

Modified: 2024-08-27T15:41:47.080

Link: CVE-2024-8135

Redhat

No data.