CVE-2020-36911

Covenant 0.5 - Remote Code Execution (RCE)

CVSS 9.3 CRITICALEPSS 10.4%CWE-798

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Cobbr · Covenant

public PoCs found — 3

cve_referencegithub.com/Zeop-CyberSec/covenant_rce/blob/master/covenant_jwt_rce.rbunverified cve_referenceweb.archive.org/web/20201101052547/https://blog.null.farm/hunting-the-huntersunverified cve_referencewww.exploit-db.com/exploits/51141unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cobbr.io/Covenant.html https://github.com/cobbr/Covenant https://github.com/Zeop-CyberSec/covenant_rce/blob/master/covenant_jwt_rce.rb https://web.archive.org/web/20201013165001/https://twitter.com/cobbr_io/status/1316058367161401344 https://web.archive.org/web/20201101052547/https://blog.null.farm/hunting-the-hunters https://www.exploit-db.com/exploits/51141 https://www.vulncheck.com/advisories/covenant-remote-code-execution-rce