{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11619", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-11-22T13:02:32.666Z", "datePublished": "2024-11-22T21:00:10.761Z", "dateUpdated": "2024-11-23T13:28:21.380Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-11-22T21:00:10.761Z"}, "title": "macrozheng mall JWT Token default key", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1394", "lang": "en", "description": "Use of Default Cryptographic Key"}]}], "affected": [{"vendor": "macrozheng", "product": "mall", "versions": [{"version": "1.0.0", "status": "affected"}, {"version": "1.0.1", "status": "affected"}, {"version": "1.0.2", "status": "affected"}, {"version": "1.0.3", "status": "affected"}], "modules": ["JWT Token Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipulation leads to use of default cryptographic key. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. Instead the issue posted on GitHub got deleted without any explanation."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in macrozheng mall bis 1.0.3 entdeckt. Dies betrifft einen unbekannten Teil der Komponente JWT Token Handler. Durch das Manipulieren mit unbekannten Daten kann eine use of default cryptographic key-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.3, "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5, "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-11-22T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-11-22T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-11-22T14:08:16.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "HeddaZhu (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.285842", "name": "VDB-285842 | macrozheng mall JWT Token default key", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.285842", "name": "VDB-285842 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.444666", "name": "Submit #444666 | macrozheng(https://github.com/macrozheng) mall(https://github.com/macrozheng/mall) <=1.0.3 Generation of Incorrect Security Tokens", "tags": ["third-party-advisory"]}, {"url": "https://github.com/macrozheng/mall/issues/880", "tags": ["issue-tracking"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11619", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-23T13:21:00.578663Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-23T13:28:21.380Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11619", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-23T13:21:00.578663Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-23T13:21:02.980Z"}}], "cna": {"title": "macrozheng mall JWT Token default key", "credits": [{"lang": "en", "type": "reporter", "value": "HeddaZhu (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P"}}], "affected": [{"vendor": "macrozheng", "modules": ["JWT Token Handler"], "product": "mall", "versions": [{"status": "affected", "version": "1.0.0"}, {"status": "affected", "version": "1.0.1"}, {"status": "affected", "version": "1.0.2"}, {"status": "affected", "version": "1.0.3"}]}], "timeline": [{"lang": "en", "time": "2024-11-22T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-11-22T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-11-22T14:08:16.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.285842", "name": "VDB-285842 | macrozheng mall JWT Token default key", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.285842", "name": "VDB-285842 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.444666", "name": "Submit #444666 | macrozheng(https://github.com/macrozheng) mall(https://github.com/macrozheng/mall) <=1.0.3 Generation of Incorrect Security Tokens", "tags": ["third-party-advisory"]}, {"url": "https://github.com/macrozheng/mall/issues/880", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipulation leads to use of default cryptographic key. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. Instead the issue posted on GitHub got deleted without any explanation."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in macrozheng mall bis 1.0.3 entdeckt. Dies betrifft einen unbekannten Teil der Komponente JWT Token Handler. Durch das Manipulieren mit unbekannten Daten kann eine use of default cryptographic key-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1394", "description": "Use of Default Cryptographic Key"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-11-22T21:00:10.761Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11619", "state": "PUBLISHED", "dateUpdated": "2024-11-23T13:28:21.380Z", "dateReserved": "2024-11-22T13:02:32.666Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-11-22T21:00:10.761Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipulation leads to use of default cryptographic key. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. Instead the issue posted on GitHub got deleted without any explanation."}], "id": "CVE-2024-11619", "lastModified": "2024-11-22T21:15:17.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.2, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.4, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-11-22T21:15:17.500", "references": [{"source": "[email protected]", "url": "https://github.com/macrozheng/mall/issues/880"}, {"source": "[email protected]", "url": "https://vuldb.com/?ctiid.285842"}, {"source": "[email protected]", "url": "https://vuldb.com/?id.285842"}, {"source": "[email protected]", "url": "https://vuldb.com/?submit.444666"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1394"}], "source": "[email protected]", "type": "Primary"}]}

{}