How severe is CVE-2023-27584?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-27584?

This is classified as CWE-321, which is a common weakness in software security.

CVE-2023-27584 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to authentication bypass. An attacker can perform any action as a user with admin privileges. This issue has been addressed in release version 2.0.9. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2016-4437

CRITICAL

CVSS:9.8(Critical)

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unsp...

CWE-3212016

CVE-2017-14021

CRITICAL

CVSS:9.8(Critical)

A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G v...

CWE-3212017

CVE-2018-0040

CRITICAL

CVSS:9.8(Critical)

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized acc...

CWE-3212018

CVE-2019-19750

CRITICAL

CVSS:9.8(Critical)

minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.

CWE-3212019

CVE-2019-19752

CRITICAL

CVSS:9.8(Critical)

nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as o...

CWE-3212019

CVE-2020-6990

CRITICAL

CVSS:9.8(Critical)

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic ...

CWE-3212020