Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-8005

Good to know:

icon

Date: August 20, 2024

A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.2 is able to address this issue. The patch is named be702ada7cb6fdabc02689d90b38139c827458a5. It is recommended to upgrade the affected component.

Language: Go

Severity Score

Related Resources (9)

https://vuldb.com/?id.275199
https://github.com/demozx/gf_cms/commit/be702ada7cb6fdabc02689d90b38139c827458a5
https://github.com/demozx/gf_cms/commit/de51cc57a96ccca905c837ef925c2cc3a5241383
https://nvd.nist.gov/vuln/detail/CVE-2024-8005
https://vuldb.com/?ctiid.275199
https://github.com/demozx/gf_cms/issues/5#issuecomment-2296590417
https://github.com/demozx/gf_cms/issues/5
https://vuldb.com/?submit.393981
https://www.mend.io/vulnerability-database/CVE-2024-8005

Severity Score

Weakness Type (CWE)

Use of Hard-coded Credentials

CWE-798

Top Fix

icon

Upgrade Version

Upgrade to version be702ada7cb6fdabc02689d90b38139c827458a5

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us