Security Advisory

CVE-2023-36649

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-12 00:00:00

Last updated 2024-08-02 16:52:53

Assigner mitre

State PUBLISHED

Description

Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Granafa authenticated user) or from the Loki REST API without authentication.

← Browse all CVEs View on cve.org ↗