CVE-2024-34354

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions CMSaaSStarter versions prior to commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6

Description The issue concerns the verification of the user JWT Token on the server session.

Recommendations For versions prior to commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6, apply the patch 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 to your fork to resolve the issue.

Exploit

Fix

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345

Related Identifiers

CVE-2024-34354

GHSA-QGCJ-9RXF-RW7Q

Affected Products

Cmsaasstarter

CVE-2024-34354

Weakness Enumeration

Related Identifiers

Affected Products

References · 6