Advisory ID: LVD-2024-012
CVSSv 4.0 Vector: AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L
CVSSv 4.0 Base Score: 6.1
Severity: Medium
CVE: CVE-2024-48952
CWE: CWE-288
Date Published: 2024-10-02
Description:
SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. Because the key is static, attackers can use it to create custom JWTs for unauthorized access to these endpoints.
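The weakness class described above, as an added example that is not Logpoint's code: a minimal HS256 JWT signer and verifier showing that a key shared by every installation makes a token minted on one system verify on another, while per-installation random keys do not. The key value, the claim names and the per-installation-key hardening are assumptions for illustration; the advisory does not describe how 7.5.0 changes key handling.

```python
import base64, hashlib, hmac, json, secrets, time

STATIC_KEY = b"constructed-demo-key-shipped-in-every-build"  # constructed value

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, key: bytes) -> str:
    """Mint an HS256 JWT: b64url(header).b64url(payload).b64url(HMAC-SHA256)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def verify(token: str, key: bytes):
    """Return the claims if algorithm, signature and expiry check out, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        if claims["exp"] < time.time():
            return None
        return claims
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

def demo():
    claims = {"sub": "api-client", "exp": int(time.time()) + 300}
    # Weak pattern: both installations ship the same key, so a token signed
    # anywhere with that key is accepted by installation B.
    key_a = key_b = STATIC_KEY
    cross_static = verify(sign(claims, key_a), key_b) is not None
    # Hardened pattern (assumption): each installation generates its own key.
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    cross_random = verify(sign(claims, key_a), key_b) is not None
    own_random = verify(sign(claims, key_b), key_b) is not None
    return cross_static, cross_random, own_random

if __name__ == "__main__":
    print(demo())
```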
Affected Product:
Logpoint versions prior to 7.5.0.
Solution:
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher