PT-2023-12162 · Mosn · Mosn

Ruil1N

·

Publicado

2023-02-17

·

Atualizado

2025-03-18

·

CVE-2021-32163

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions MOSN versions prior to 0.23.0
Description The issue allows an attacker to escalate privileges via case-sensitive JWT authorization, potentially leading to unauthorized access. This is related to an authentication vulnerability.
Recommendations For MOSN versions prior to 0.23.0, update to version 0.23.0 or later to resolve the issue. As a temporary workaround, consider restricting access to JWT authorization until the update is applied.

Exploit

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-178CWE-863

Identificadores relacionados

CVE-2021-32163
GHSA-5VX9-J5CW-47VQ
GO-2023-1582

Produtos afetados

Mosn