CVE-2022-25510

FreeTAKTeam/FreeTakServer
on github

Published

Severity

CVSS v3:
8.8 HIGH
CVSS v2:
6.5 MEDIUM

Description

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges.

References

Configurations

CPE23Version StartVersion EndExact Version
cpe:2.3:a:freetakserver-ui_project:freetakserver-ui:1.9.8:*:*:*:*:*:*:*n/an/a1.9.8

External Links