CVE-2026-28678

EPSS 0.17%
Veröffentlicht 07.03.2026 16:06:51
Zuletzt bearbeitet 11.03.2026 17:35:39
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

dsa-hub-server: Clear-Text Storage of Sensitive Data

DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection of the payload. This issue has been patched via commit d527fba.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Toxicbishop ≫ Dsa Study Hub SwPlatformnode.js Version < 2026-02-21

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.06

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
security-advisories@github.com	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://github.com/toxicbishop/DSA-with-tsx/security/advisories/GHSA-vmxr-562h-rcgg

Vendor Advisory

https://github.com/toxicbishop/DSA-with-tsx/commit/d527fba3b3c15f185b9d1e730322dff9248391e4

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-28678

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-28678

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-28678

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-28678