travels-java-api JWT Hard-Coded Key
CVE-2024-10920 Published on November 6, 2024
mariazevedo88 travels-java-api JWT Secret JwtAuthenticationTokenFilter.java doFilterInternal hard-coded key
A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\src\main\java\io\github\mariazevedo88\travelsjavaapi\filters\JwtAuthenticationTokenFilter.java of the component JWT Secret Handler. The manipulation leads to the use of a hard-coded cryptographic key. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
Key Management Errors
Weaknesses in this category are related to errors in the management of cryptographic keys.
Products Associated with CVE-2024-10920
Affected Versions
mariazevedo88 travels-java-api:
- Version 5.0.0 is affected.
- Version 5.0.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.