CVE-2024-8297 — MEDIUM (5.3)

Vulnerability Description

A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralization for logs. It is possible to launch the attack remotely. The name of the patch is 81b3336b4c9240f0bf50c13cb8375cf860d945f1. It is recommended to apply a patch to fix this issue.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Kitsada8621	Digital Library Management System	1.0

Related Weaknesses (CWE)

CWE-117 CWE-116

References

https://github.com/kitsada8621/Digital-Library-Management-System/commit/81b3336bPatch
https://github.com/kitsada8621/Digital-Library-Management-System/issues/1Issue TrackingProduct
https://vuldb.com/?ctiid.276072Permissions RequiredVDB Entry
https://vuldb.com/?id.276072Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.394613Third Party AdvisoryVDB Entry

FAQ

What is CVE-2024-8297?

CVE-2024-8297 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_...

How severe is CVE-2024-8297?

CVE-2024-8297 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-8297?

Check the references section above for vendor advisories and patch information. Affected products include: Kitsada8621 Digital Library Management System.