CVE-2022-25510
on github
Published
Severity
CVSS v3:
8.8 HIGH
CVSS v2:
6.5 MEDIUM
Description
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:freetakserver-ui_project:freetakserver-ui:1.9.8:*:*:*:*:*:*:* | n/a | n/a | 1.9.8 |