CVE-2024-50634

A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation but also affects all functions that require authentication.
Configurations

Configuration 1

cpe:2.3:a:sbond:watcharr:*:*:*:*:*:*:*:*

History

14 Nov 2024, 20:40

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:sbond:watcharr:*:*:*:*:*:*:*:*
References (removed) https://github.com/yamerooo123/CVE/tree/main/CVE-2024-50634 - (added) https://github.com/yamerooo123/CVE/tree/main/CVE-2024-50634 - Exploit
References (removed) https://youtu.be/wnULru0WdtA - (added) https://youtu.be/wnULru0WdtA - Exploit
First Time Sbond watcharr
Sbond

13 Nov 2024, 15:35

Type Values Removed Values Added
CWE CWE-319
CVSS (removed) v2 : unknown, v3 : unknown (added) v2 : unknown, v3 : 8.8
Summary
  • (es) Una vulnerabilidad en un token JWT débil en Watcharr v1.43.0 y versiones anteriores permite a los atacantes realizar una escalada de privilegios mediante un token JWT manipulado a medida. Esta vulnerabilidad no se limita a la escalada de privilegios, sino que también afecta a todas las funciones que requieren autenticación.

08 Nov 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-08 17:15

Updated : 2024-11-14 20:40


NVD link : CVE-2024-50634

Mitre link : CVE-2024-50634

CVE.ORG link : CVE-2024-50634



Products Affected

sbond

  • watcharr
CWE
NVD-CWE-noinfo
CWE-319 Cleartext Transmission of Sensitive Information