CVE-2024-25189 | libjwt 1.15.3 strcmp timing discrepancy

Inserito da Angelo Barbosa | Feb 8, 2024 | CVE

A vulnerability has been found in libjwt 1.15.3 and classified as problematic. Affected by this vulnerability is the function strcmp. The manipulation leads to observable timing discrepancy.

This vulnerability is known as CVE-2024-25189. The attack can only be done within the local network. There is no exploit available.

CVE-2024-25189 | libjwt 1.15.3 strcmp timing discrepancy

Post correlati

CVE-2023-6502 | GitLab Community Edition/Enterprise Edition up to 16.10.5/16.11.2/17.0.0 Wiki resource consumption (Issue 433534)

CVE-2024-7569 | Ivanti Neurons for ITSM up to 2023.2/2023.3/2023.4 OIDC Client Secret unknown vulnerability

CVE-2024-20415 | Cisco Firepower Management Center up to 7.2.5.2 cross site scripting (cisco-sa-fmc-xss-dhJxQYZs)

CVE-2023-36235 | Webkul QloApps up to 1.5.x id_order information disclosure