How severe is CVE-2024-10920?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2024-10920?

This is classified as CWE-320, which is a common weakness in software security.

CVE-2024-10920 - LOW Severity | CVSS 3.7

Vulnerability Description

A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\src\main\java\io\github\mariazevedo88\travelsjavaapi\filters\JwtAuthenticationTokenFilter.java of the component JWT Secret Handler. The manipulation leads to use of hard-coded cryptographic key . The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2016-1000346

LOW

CVSS:3.7(Low)

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other par...

CWE-3202016

CVE-2025-5164

MEDIUM

CVSS:3.7(Low)

A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-...

CWE-3202025

CVE-2019-1586

MEDIUM

CVSS:4.6(Medium)

A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affect...

CWE-3202019

CVE-2018-7534

MEDIUM

CVSS:4.7(Medium)

In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory.

CWE-3202018

CVE-2016-2217

MEDIUM

CVSS:5.3(Medium)

The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.

CWE-3202016

CVE-2018-7559

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in ...

CWE-3202018