CVE-2023-26089

CVSS V2 None CVSS V3 None

Description

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5.

Overview

CVE ID
CVE-2023-26089

Assigner
cve@mitre.org

Vulnerability Status
Received

Published Version
2023-05-02T20:15:10

Last Modified Date
2023-05-02T20:15:10

References

Reference URL	Reference Tags
https://iuclid6.echa.europa.eu
https://iuclid6.echa.europa.eu/documents/1387205/1809530/note_v6.27.6.pdf/76545a65-e6be-6486-280a-7d7c3d2ad455?t=1677577170669
https://iuclid6.echa.europa.eu/download

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-26089
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26089

History

Created	Old Value	New Value	Data Type	Notes
2023-05-02 21:01:28				Added to TrackCVE