CVE-2024-13028

Exploit

EPSS 0.73%
Veröffentlicht 29.12.2024 23:15:06
Zuletzt bearbeitet 21.08.2025 17:37:02
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Antabot White-Jotter login observable response discrepancy

A vulnerability, which was classified as problematic, has been found in Antabot White-Jotter up to 0.2.2. This issue affects some unknown processing of the file /login. The manipulation of the argument username leads to observable response discrepancy. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Antabot ≫ White-jotter Version <= 0.2.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.73%	0.495

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	6.3	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

CWE-204 Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

https://github.com/cydtseng/Vulnerability-Research/blob/main/white-jotter/ObservableDiscrepancy-UserLogin.md

Third Party Advisory

Exploit

Mitigation

https://vuldb.com/?ctiid.289721

VDB Entry

Permissions Required

https://vuldb.com/?id.289721

Third Party Advisory

VDB Entry

https://vuldb.com/?submit.465924

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2024-13028

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-13028

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-13028

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-13028