Description

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other than SECRET).

PUBLISHED Reserved 2024-09-11 | Published 2026-05-08 | Updated 2026-05-08 | Assigner mitre

References

github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-46507 exploit

rhinosecuritylabs.com/...erver-side-template-injection-ssti/

cve.org (CVE-2024-46508)

nvd.nist.gov (CVE-2024-46508)