{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8297", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-08-29T06:01:30.392Z", "datePublished": "2024-08-29T12:31:11.351Z", "dateUpdated": "2024-08-29T13:11:08.916Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-08-29T12:31:11.351Z"}, "title": "kitsada8621 Digital Library Management System jwt_refresh_token_middleware.go JwtRefreshAuth neutralization for logs", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-117", "lang": "en", "description": "CWE-117 Improper Output Neutralization for Logs"}]}], "affected": [{"vendor": "kitsada8621", "product": "Digital Library Management System", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralization for logs. It is possible to launch the attack remotely. The name of the patch is 81b3336b4c9240f0bf50c13cb8375cf860d945f1. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in kitsada8621 Digital Library Management System 1.0 ausgemacht. Es geht dabei um die Funktion JwtRefreshAuth der Datei middleware/jwt_refresh_token_middleware.go. Mittels dem Manipulieren des Arguments Authorization mit unbekannten Daten kann eine improper output neutralization for logs-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 81b3336b4c9240f0bf50c13cb8375cf860d945f1 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "timeline": [{"time": "2024-08-29T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-08-29T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-08-29T08:06:37.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "zihe (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.276072", "name": "VDB-276072 | kitsada8621 Digital Library Management System jwt_refresh_token_middleware.go JwtRefreshAuth neutralization for logs", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.276072", "name": "VDB-276072 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.394613", "name": "Submit #394613 | kitsada8621 Digital-Library-Management-System 1.0 Improper Output Neutralization for Logs", "tags": ["third-party-advisory"]}, {"url": "https://github.com/kitsada8621/Digital-Library-Management-System/issues/1", "tags": ["issue-tracking"]}, {"url": "https://github.com/kitsada8621/Digital-Library-Management-System/commit/81b3336b4c9240f0bf50c13cb8375cf860d945f1", "tags": ["patch"]}]}, "adp": [{"affected": [{"vendor": "kitsada8621", "product": "digital_library_management_system", "cpes": ["cpe:2.3:a:kitsada8621:digital_library_management_system:1.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-29T13:07:33.496347Z", "id": "CVE-2024-8297", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T13:11:08.916Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8297", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-29T13:07:33.496347Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:kitsada8621:digital_library_management_system:1.0:*:*:*:*:*:*:*"], "vendor": "kitsada8621", "product": "digital_library_management_system", "versions": [{"status": "affected", "version": "1.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T13:10:53.421Z"}}], "cna": {"title": "kitsada8621 Digital Library Management System jwt_refresh_token_middleware.go JwtRefreshAuth neutralization for logs", "credits": [{"lang": "en", "type": "reporter", "value": "zihe (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "affected": [{"vendor": "kitsada8621", "product": "Digital Library Management System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2024-08-29T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-08-29T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-08-29T08:06:37.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.276072", "name": "VDB-276072 | kitsada8621 Digital Library Management System jwt_refresh_token_middleware.go JwtRefreshAuth neutralization for logs", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.276072", "name": "VDB-276072 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.394613", "name": "Submit #394613 | kitsada8621 Digital-Library-Management-System 1.0 Improper Output Neutralization for Logs", "tags": ["third-party-advisory"]}, {"url": "https://github.com/kitsada8621/Digital-Library-Management-System/issues/1", "tags": ["issue-tracking"]}, {"url": "https://github.com/kitsada8621/Digital-Library-Management-System/commit/81b3336b4c9240f0bf50c13cb8375cf860d945f1", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralization for logs. It is possible to launch the attack remotely. The name of the patch is 81b3336b4c9240f0bf50c13cb8375cf860d945f1. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in kitsada8621 Digital Library Management System 1.0 ausgemacht. Es geht dabei um die Funktion JwtRefreshAuth der Datei middleware/jwt_refresh_token_middleware.go. Mittels dem Manipulieren des Arguments Authorization mit unbekannten Daten kann eine improper output neutralization for logs-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 81b3336b4c9240f0bf50c13cb8375cf860d945f1 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-117", "description": "CWE-117 Improper Output Neutralization for Logs"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-08-29T12:31:11.351Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8297", "state": "PUBLISHED", "dateUpdated": "2024-08-29T13:11:08.916Z", "dateReserved": "2024-08-29T06:01:30.392Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-08-29T12:31:11.351Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kitsada8621:digital_library_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1405CD5-ECA2-4027-B5A3-89E60FDF28E4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralization for logs. It is possible to launch the attack remotely. The name of the patch is 81b3336b4c9240f0bf50c13cb8375cf860d945f1. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en kitsada8621 Digital Library Management System 1.0. Se ha clasificado como problem\u00e1tica. La funci\u00f3n afectada es JwtRefreshAuth del archivo middleware/jwt_refresh_token_middleware.go. La manipulaci\u00f3n del argumento Authorization provoca una neutralizaci\u00f3n incorrecta de la salida de los registros. Es posible lanzar el ataque de forma remota. El nombre del parche es 81b3336b4c9240f0bf50c13cb8375cf860d945f1. Se recomienda aplicar un parche para solucionar este problema."}], "id": "CVE-2024-8297", "lastModified": "2024-08-30T15:28:50.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-08-29T13:15:07.370", "references": [{"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/kitsada8621/Digital-Library-Management-System/commit/81b3336b4c9240f0bf50c13cb8375cf860d945f1"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking", "Product"], "url": "https://github.com/kitsada8621/Digital-Library-Management-System/issues/1"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.276072"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.276072"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.394613"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-116"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-117"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}