CVE-2024-8005

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 20, 2024

CWE ID 798

Summary

CVE-2024-8005 is a newly disclosed critical vulnerability affecting demozx gf_cms versions 1.0 and 1.0.1. The issue lies within the init function of the file internal/logic/auth/auth.go in the JWT Authentication component. An attacker can exploit this vulnerability by manipulating the input, resulting in the exposure of hard-coded credentials. Since the exploit has been made public, remote attacks are possible. To mitigate this risk, it is strongly recommended to upgrade to version 1.0.2 and apply the patch be702ada7cb6fdabc02689d90b38139c827458a5.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/x6ThT9
https://www.cve.org/CVERecord?id=CVE-2024-8005
https://nvd.nist.gov/vuln/detail/CVE-2024-8005

Back to Vulnerability Database

CVE-2024-8005

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations