Home > Vulnerability Database > CVE-2024-8135

Mend.io Vulnerability Database

CVE-2024-8135

Date: August 24, 2024

A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue.

Language: Go

Severity Score

6.3

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8135

Url: https://vuldb.com/?id.275706

Url: https://github.com/Go-Tribe/gotribe/issues/1#issuecomment-2307205980

Url: https://vuldb.com/?ctiid.275706

Url: https://vuldb.com/?submit.396310

Url: https://github.com/Go-Tribe/gotribe/issues/1

Url: https://github.com/Go-Tribe/gotribe/commit/4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f

Url: https://www.mend.io/vulnerability-database/CVE-2024-8135

Severity Score

6.3

Weakness Type (CWE)

Use of Hard-coded Credentials

CWE-798

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	5.8
Access Vector (AV):	ADJACENT
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8135

Date: August 24, 2024

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?