Description

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify users. However, the secret key for JWT, "Secret Key", is hard-coded, which leads to authentication bypass. An attacker can perform any action as a user with admin privileges. This issue has been addressed in release version 2.0.9. All users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date: 2024-09-19T22:54:40.045Z
Last Modified: 2024-09-26T03:55:52.647Z
Source: GitHub_M

AFFECTED PRODUCTS

The following products are affected by the CVE-2023-27584 vulnerability.

Vendor            Products
Dragonflyoss      Dragonfly2
Linuxfoundation   Dragonfly
