PT-2025-2960 · Easyvirt · Easyvirt Dcscope

Published 2025-01-31 · Updated 2025-02-01 · CVE-2024-53356

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier; CO2Scope versions 1.3.0 and earlier

Description: The issue allows remote attackers to generate JSON Web Tokens (JWTs) for privilege escalation because of a weak JWT secret. The HMAC secret used to sign tokens is hardcoded, so anyone who knows the predictable secret can mint valid tokens and gain access to sensitive information and actions within the application.

Recommendations: For EasyVirt DCScope versions 8.6.0 and earlier, update to a version that uses a secure HMAC secret. For CO2Scope versions 1.3.0 and earlier, update to a version that uses a secure HMAC secret. As a temporary workaround, consider restricting access to sensitive information and actions within the application to minimize the risk of exploitation.
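To make the weakness and its fix concrete, here is an added illustration that is not part of the advisory and not the vendor's code: a minimal HS256 sign/verify pair, a startup check that refuses a shipped placeholder or short secret, and a demonstration that rotating to a fresh secret invalidates every token minted under the old hardcoded one. The placeholder secret value is constructed for the example and is not the product's actual secret.

```python
import base64, hashlib, hmac, json, secrets
from typing import Optional

# Constructed stand-in for a secret shipped in the code (not the product's real value).
HARDCODED_PLACEHOLDER = b"changeme"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def hs256_sign(claims: dict, secret: bytes) -> str:
    """Mint an HS256 JWT in compact serialization with the given secret."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def hs256_verify(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims if the signature is valid under `secret`, otherwise None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None  # only HS256 is accepted; no alg switching
        expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        return json.loads(_b64url_decode(payload))
    except ValueError:  # covers malformed base64, JSON and split errors
        return None

def load_jwt_secret(env_value: Optional[str]) -> bytes:
    """Startup policy: the secret must come from configuration, must not be the
    shipped placeholder, and must be at least 32 bytes long."""
    if env_value is None:
        raise RuntimeError("JWT_SECRET not set; generate one with secrets.token_hex(32)")
    secret = env_value.encode()
    if secret == HARDCODED_PLACEHOLDER or len(secret) < 32:
        raise RuntimeError("JWT_SECRET is the placeholder or shorter than 32 bytes")
    return secret

def rotation_invalidates_old_tokens() -> bool:
    """A token minted under the old hardcoded secret verifies there but fails after
    the deployment rotates to a fresh, policy-compliant secret."""
    old = hs256_sign({"sub": "admin", "role": "admin"}, HARDCODED_PLACEHOLDER)
    fresh = load_jwt_secret(secrets.token_hex(32))
    return hs256_verify(old, HARDCODED_PLACEHOLDER) is not None and hs256_verify(old, fresh) is None
```

Because HS256 verification is a keyed hash comparison, the only durable fix is the one the advisory names: a per-deployment secret that is not in the code base, after which outstanding tokens signed with the old value are rejected.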

LPE · Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers: CVE-2024-53356

Affected Products: Easyvirt Dcscope