How severe is CVE-2024-8297?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-8297?

This is classified as CWE-117, which is a common weakness in software security.

CVE-2024-8297 - MEDIUM Severity | CVSS 7.5

Vulnerability Description

A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralization for logs. It is possible to launch the attack remotely. The name of the patch is 81b3336b4c9240f0bf50c13cb8375cf860d945f1. It is recommended to apply a patch to fix this issue.

Related Vulnerabilities

CVE-2020-25646

HIGH

CVSS:7.5(High)

A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality

CWE-1172020

CVE-2024-47083

HIGH

CVSS:7.5(High)

Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive...

CWE-1172024

CVE-2024-9606

HIGH

CVSS:7.5(High)

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the key...

CWE-1172024

CVE-2019-14846

HIGH

CVSS:7.3(High)

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin ...

CWE-1172019

CVE-2019-14858

HIGH

CVSS:7.3(High)

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to...

CWE-1172019

CVE-2024-32474

HIGH

CVSS:7.3(High)

Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs...

CWE-1172024