Insecure Storage of Sensitive Information

CVE-2024-10943

High

9.1/10

Summary

An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-922 - Insecure Storage of Sensitive Information

The software stores sensitive information without properly limiting read or write access by unauthorized actors.

References

Advisory Timeline

Published Nov 12, 2024

Insecure Storage of Sensitive Information

CVE-2024-10943

Summary

CWE-922 - Insecure Storage of Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS