How severe is CVE-2024-36111?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2024-36111?

This is classified as CWE-1259, which is a common weakness in software security.

CVE-2024-36111 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the key is detected to be empty in the configuration file reading logic, the key is empty during actual verification. Using an empty key to generate a JWT token can bypass the login verification and directly take over the back end. Version 1.8.0 contains a patch for this issue.

Related Vulnerabilities

CVE-2024-41948

MEDIUM

CVSS:5.0(Medium)

biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token ...

CWE-12592024

CVE-2024-36533

CRITICAL

CVSS:9.8(Critical)

Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

CWE-12592024

CVE-2024-41948

MEDIUM

CVSS:5.0(Medium)

CWE-12592024