CVE-2023-36649

Published: Dec 12, 2023Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication.

Affected (1)

Products: Prolion: Cryptospike

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Prolion Cryptospike	Version 3.0.15 p2

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36649

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36649

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.