PT-2022-18867 · Unknown · Cockpit Content Platform

Aheinze

Published: 2022-08-15
Updated: 2023-08-02

CVE-2022-2818

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cockpit Content Platform versions prior to 2.2.2

Description: The vulnerability is a failure to strip sensitive information before it is stored or transferred, which in turn yields a two-factor authentication (2FA) bypass. After a user logs into their account, the 2FA secret is included in the JWT token issued to them, so an attacker who can read that token is able to bypass the 2FA code.

Recommendations: For versions prior to 2.2.2, update to version 2.2.2, which resolves the issue. As a temporary workaround, restrict access to sensitive information and to issued JWT tokens to reduce the risk of exploitation, and avoid relying on the affected JWT token until the fix is applied.
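The flaw class described above (copying a stored user record, 2FA secret included, into the session token) and its fix (building token claims from an explicit allowlist and refusing to issue a token that still carries a sensitive field) are shown below as an added illustration. This is example code written for this advisory, not Cockpit's code; the user record, the field name totp_secret, the SENSITIVE_CLAIMS and SESSION_CLAIMS lists and the signing key are all constructed assumptions, and the HS256 encoder is a minimal standard-library version so the example runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample user record. Field names (including "totp_secret")
# are assumptions for this example, not Cockpit's actual schema.
SAMPLE_USER = {
    "_id": "user-1",
    "user": "alice",
    "email": "alice@example.invalid",
    "password": "$2y$10$constructed-hash-placeholder",
    "totp_secret": "CONSTRUCTED2FASECRET",
}

# Claim names that must never leave the server inside a token (assumed list).
SENSITIVE_CLAIMS = frozenset({"password", "totp_secret", "api_key"})

# Allowlist of claims a session token legitimately needs (assumed).
SESSION_CLAIMS = ("_id", "user", "email")


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_jwt(claims: dict, key: bytes) -> str:
    """Minimal HS256 JWT encoder (stdlib only) so the example runs offline."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def decode_jwt_claims(token: str, key: bytes) -> dict:
    """Verify the HS256 signature and return the claims; raises on tampering."""
    header, payload, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload))


def issue_token_vulnerable(user: dict, key: bytes) -> str:
    """Anti-pattern: copies the whole stored user record into the token,
    so the 2FA secret (and password hash) travel to the client."""
    claims = dict(user)
    claims["exp"] = int(time.time()) + 3600
    return encode_jwt(claims, key)


def issue_token_hardened(user: dict, key: bytes) -> str:
    """Builds claims from an explicit allowlist; secrets never enter the token."""
    claims = {k: user[k] for k in SESSION_CLAIMS if k in user}
    claims["exp"] = int(time.time()) + 3600
    leaked = SENSITIVE_CLAIMS.intersection(claims)
    if leaked:  # defence in depth: refuse rather than issue a leaky token
        raise ValueError(f"refusing to issue token with sensitive claims: {sorted(leaked)}")
    return encode_jwt(claims, key)


def audit_token(token: str) -> list[str]:
    """Detection check for tokens already in the wild: list any sensitive
    claim names present in the payload. No signature check is needed here,
    because the JWT payload is only base64url-encoded, not encrypted."""
    payload = json.loads(_b64url_decode(token.split(".")[1]))
    return sorted(SENSITIVE_CLAIMS.intersection(payload))


if __name__ == "__main__":
    key = b"constructed-signing-key"
    print("vulnerable token leaks:", audit_token(issue_token_vulnerable(SAMPLE_USER, key)))
    print("hardened token leaks:", audit_token(issue_token_hardened(SAMPLE_USER, key)))
```

The audit function is the useful piece for an operator on an unpatched version: run it over tokens captured from your own test login and, if it reports totp_secret or similar, treat every session token as exposing the second factor until the upgrade to 2.2.2 is done. The hardened issuer shows the structural fix: claims are selected by allowlist, so a new sensitive column added to the user record later cannot leak by default.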

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2022-2818, GHSA-8WJ3-CPMR-8WHP

Affected Products: Cockpit Content Platform