CVE-2023-27584
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-27584 is a critical vulnerability affecting the Dragonfly open-source P2P file distribution and image acceleration system, which is part of the Cloud Native Computing Foundation. The issue arises from a hard-coded secret key used in JWT for user verification, allowing attackers to bypass authentication and execute actions with admin privileges. This vulnerability has been assigned a CVSS score of 9.8, indicating a high potential for confidentiality, integrity, and availability impacts. To mitigate this risk, all users are strongly advised to upgrade to release version 2.0.9, as there are no known workarounds available. Affected products include various versions identified as yxEO1c through yxDq8N.
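The weakness summarized above, as an added Go example that is not Dragonfly's code and not taken from the advisory: a key generated per installation makes a token from one deployment useless on another, while a compiled-in constant is accepted everywhere and should be refused at startup. The names `NewDeploymentKey`, `Usable`, `Sign` and `Verify` and the `shippedDefault` value are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

const shippedDefault = "EXAMPLE-HARDCODED-KEY" // constructed placeholder, not the project's real value
var b64 = base64.RawURLEncoding

// NewDeploymentKey returns 32 random bytes, generated once per installation.
func NewDeploymentKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// Usable rejects the shipped constant and keys under 32 bytes; check it at startup.
func Usable(k []byte) bool { return string(k) != shippedDefault && len(k) >= 32 }

func mac(key []byte, msg string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return m.Sum(nil)
}

// Sign builds an HS256 token over the given JSON claims.
func Sign(key []byte, claims string) string {
	msg := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(claims))
	return msg + "." + b64.EncodeToString(mac(key, msg))
}

// Verify recomputes HMAC-SHA256 (the header alg is never trusted) and compares in constant time.
func Verify(key []byte, token string) bool {
	i := strings.LastIndex(token, ".")
	sig, err := b64.DecodeString(token[i+1:])
	return i >= 0 && err == nil && hmac.Equal(sig, mac(key, token[:i]))
}

func main() {
	tok := Sign(NewDeploymentKey(), `{"sub":"constructed-user"}`)
	fmt.Println(Verify(NewDeploymentKey(), tok), Usable([]byte(shippedDefault)))
}
```

Expiry and claim validation are left out; the block covers only key handling and signature verification.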