CVE-2023-22495

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-288
View all →

Vulnerability Description

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token (JWT), an attacker could compromise another instance of Izanami. This issue has been patched in version 1.11.0.

Related Vulnerabilities

CVE-2017-5174

CRITICAL
CVSS:9.8(Critical)

An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architectur...

CWE-2882017

CVE-2017-9944

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticate...

CWE-2882017

CVE-2018-17918

CRITICAL
CVSS:9.8(Critical)

Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.

CWE-2882018

CVE-2018-4852

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mech...

CWE-2882018

CVE-2018-8859

CRITICAL
CVSS:9.8(Critical)

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specifi...

CWE-2882018

CVE-2019-18250

CRITICAL
CVSS:9.8(Critical)

In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authen...

CWE-2882019