Vulnerability Description
Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token (JWT), an attacker could compromise another instance of Izanami. This issue has been patched in version 1.11.0.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maif | Izanami | < 1.11.0 |
Related Weaknesses (CWE)
References
- https://github.com/MAIF/izanami/releases/tag/v1.11.0Release NotesThird Party Advisory
- https://github.com/MAIF/izanami/security/advisories/GHSA-9r7j-m337-792cExploitThird Party Advisory
- https://github.com/MAIF/izanami/releases/tag/v1.11.0Release NotesThird Party Advisory
- https://github.com/MAIF/izanami/security/advisories/GHSA-9r7j-m337-792cExploitThird Party Advisory
FAQ
What is CVE-2023-22495?
CVE-2023-22495 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker...
How severe is CVE-2023-22495?
CVE-2023-22495 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-22495?
Check the references section above for vendor advisories and patch information. Affected products include: Maif Izanami.