CVE-2024-10141

MEDIUM Year: 2024
CVSS v3 Score
8.1
High
CVSS v2 Score
2.6
Low
Weakness Type
CWE-341
View all →

Vulnerability Description

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET_KEY leads to predictable from observable state. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2020-5365

HIGH
CVSS:7.5(High)

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account ...

CWE-3412020

CVE-2023-49259

HIGH
CVSS:7.5(High)

The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time.

CWE-3412023

CVE-2019-6563

CRITICAL
CVSS:9.8(Critical)

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.

CWE-3412019

CVE-2020-1731

CRITICAL
CVSS:9.8(Critical)

A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password rem...

CWE-3412020

CVE-2019-6563

CRITICAL
CVSS:9.8(Critical)

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.

CWE-3412019

CVE-2020-1731

CRITICAL
CVSS:9.8(Critical)

A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password rem...

CWE-3412020