CVE-2023-36649

{"id": "CVE-2023-36649", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2023-12-12T01:15:10.123", "references": [{"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36649", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication."}, {"lang": "es", "value": "La inserci\u00f3n de informaci\u00f3n confidencial en el sistema de registro centralizado (Grafana) en ProLion CryptoSpike 3.0.15P2 permite a atacantes remotos hacerse pasar por otros usuarios en la administraci\u00f3n web y la API REST leyendo tokens JWT de los registros (como un usuario autenticado de Granafa) o desde la API REST de Loki sin autenticaci\u00f3n."}], "lastModified": "2023-12-14T15:34:02.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51A592E8-274C-4A8A-B925-075FCA82DD22"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}