CVE-2024-8135
low-risk
Published 2024-08-24
A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue.
Do I need to act?
-
0.16% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.3/10
Medium
ADJACENT_NETWORK
/ LOW complexity
Affected Products (1)
Gotribe
Affected Vendors
References (6)
Issue Tracking
https://github.com/Go-Tribe/gotribe/issues/1
Permissions Required
https://vuldb.com/?ctiid.275706
Permissions Required
https://vuldb.com/?id.275706
Third Party Advisory
https://vuldb.com/?submit.396310
26
/ 100
low-risk
Severity
20/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal