CVE-2020-36569

Authentication bypass in github.com/nanobox-io/golang-nanoauth

CVSS 9.1 CRITICALEPSS 0.8%

Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Productos afectados

github.com/nanobox-io/golang-nanoauth · github.com/nanobox-io/golang-nanoauth

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/nanobox-io/golang-nanoauth/commit/063a3fb69896acf985759f0fe3851f15973993f3 https://github.com/nanobox-io/golang-nanoauth/pull/5 https://pkg.go.dev/vuln/GO-2020-0004