High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
Apache Software Foundation–Apache SeaTunnel Web |
Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue. | 2024-07-30 | 9.1 | CVE-2023-48396 security@apache.org security@apache.org |
n/a–n/a |
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control. | 2024-07-29 | 9.1 | CVE-2024-28805 cve@mitre.org |
n/a–n/ […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins
Read the original article: Post navigation |