CVE-2024-26566 English.md

Title:

JWT Forgery

Description:

The product validates only the username carried in the JWT, not the password, so an attacker can forge a JWT and log in as an arbitrary user without a password. This lets the attacker escalate privileges and reach more functionality, such as deletion, renaming, and other dangerous operations.

Affected Versions:

CuteHttpFileServer <= 3.1 (latest)

Official website:

http://iscute.cn/chfs

CVE Identifier:

CVE-2024-26566

CVSS Score:

8.0

Attack Vector:

The attacker sets up a local environment, captures the Cookie issued there for the specified user, and then places it into the real environment to exploit the vulnerability.

For more details, please refer to the following links:

PDF: https://github.com/GZLDL/CVE/blob/main/CVE-2024-26566/CVE-2024-26566%20JWT_Rename(English).pdf

WORD: https://github.com/GZLDL/CVE/blob/main/CVE-2024-26566/CVE-2024-26566%20JWT_Rename(English).docx

md: https://github.com/GZLDL/CVE/blob/main/CVE-2024-26566/CVE-2024-26566%20JWT_Rename(English).md

Fix Status:

No fix available at present.

Security Recommendations:

It is recommended to update with the latest patch and add password validation for JWT.
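One way to implement the recommended check, as an added example that is not CuteHttpFileServer's code: the signing key mixes a per-install random secret with the user's stored password hash, so a token minted in another environment, or before a password change, fails verification. The `Instance` class, its method names and the sample users are hypothetical, and `verify_username_only` is only a model of the flaw described above.

```python
import base64, hashlib, hmac, json, secrets, time

def b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class Instance:
    """One deployment: its own random secret and user table (hypothetical model)."""
    def __init__(self, users):
        self.secret = secrets.token_bytes(32)  # generated per install, never shipped in the binary
        self.users = {}                        # name -> (salt, PBKDF2 hash)
        for name, password in users.items():
            self.set_password(name, password)

    def set_password(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

    def _sign(self, name, signing_input):
        # Key = HMAC(instance secret, stored password hash): valid here, for this password only.
        key = hmac.new(self.secret, self.users[name][1], hashlib.sha256).digest()
        return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

    def issue(self, name, password, ttl=3600):
        salt, stored = self.users[name]
        supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(stored, supplied):
            raise PermissionError("bad credentials")
        head = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        body = b64(json.dumps({"sub": name, "exp": int(time.time()) + ttl}).encode())
        return f"{head}.{body}." + b64(self._sign(name, f"{head}.{body}"))

    def verify_username_only(self, token):
        """Model of the flaw: trusts the claimed username and nothing else."""
        name = json.loads(unb64(token.split(".")[1])).get("sub")
        return name if name in self.users else None

    def verify(self, token):
        """Hardened check: pinned algorithm, known user, signature, expiry."""
        try:
            head, body, sig = token.split(".")
            claims = json.loads(unb64(body))
            ok = (json.loads(unb64(head)).get("alg") == "HS256" and claims["sub"] in self.users
                  and hmac.compare_digest(self._sign(claims["sub"], f"{head}.{body}"), unb64(sig))
                  and claims["exp"] > time.time())
            return claims["sub"] if ok else None
        except (ValueError, KeyError, TypeError, AttributeError):
            return None
```

With two instances that both have an `admin` account, a token issued by one is accepted by the other's `verify_username_only` but rejected by its `verify`.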

Further Exploitation:

Below is an example of exploiting the vulnerability by forging a JWT, then using the resulting high privileges to rename files and using directory traversal to move files from any location to another.

Reference: ods-im/CuteHttpFileServer#15