CVE-2024-13111

Sažetak

A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the component JWT Token Handler. The manipulation leads to improper authentication. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Reference

https://github.com/qiutiandefeng/yfexam-exam/issues/6
https://github.com/qiutiandefeng/yfexam-exam/issues/6#issue-2754680012
https://vuldb.com/?ctiid.289927
https://vuldb.com/?id.289927
https://vuldb.com/?submit.467701
https://github.com/qiutiandefeng/yfexam-exam/issues/6
https://github.com/qiutiandefeng/yfexam-exam/issues/6#issue-2754680012

CVSS

Base:	5.1
Impact:	6.4
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

02-01-2025 - 17:15

Objavljeno

02-01-2025 - 14:15