Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Keyrock
(Fiware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 5 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-12 | CVE-2024-42163 | Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link. | Keyrock | 8.1 | ||
| 2024-08-12 | CVE-2024-42164 | Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link. | Keyrock | 4.3 | ||
| 2024-08-12 | CVE-2024-42165 | Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link. | Keyrock | 5.4 | ||
| 2024-08-12 | CVE-2024-42166 | The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name. | Keyrock | 7.2 | ||
| 2024-08-12 | CVE-2024-42167 | The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname. | Keyrock | 7.2 |