Search criteria
2 vulnerabilities by klapp
CVE-2020-36533 (GCVE-0-2020-36533)
Vulnerability from cvelistv5 – Published: 2022-06-03 19:10 – Updated: 2025-04-15 14:35
VLAI
Title
Klapp App JSON Web Token improper authentication
Summary
A vulnerability was found in Klapp App and classified as problematic. This issue affects some unknown processing of the JSON Web Token Handler. The manipulation leads to weak authentication. The attack may be initiated remotely.
Severity
CWE
- CWE-287 - Improper Authentication
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.modzero.com/modlog/archives/2020/09/0… | x_refsource_MISC |
| https://vuldb.com/?id.160763 | x_refsource_MISC |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.160763"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36533",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:12:58.759949Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:35:41.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "App",
"vendor": "Klapp",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sven Fassbender"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Klapp App and classified as problematic. This issue affects some unknown processing of the JSON Web Token Handler. The manipulation leads to weak authentication. The attack may be initiated remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T19:10:44.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.160763"
}
],
"title": "Klapp App JSON Web Token improper authentication",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2020-36533",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Klapp App JSON Web Token improper authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "App",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Klapp"
}
]
}
},
"credit": "Sven Fassbender",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Klapp App and classified as problematic. This issue affects some unknown processing of the JSON Web Token Handler. The manipulation leads to weak authentication. The attack may be initiated remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "3.7",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html",
"refsource": "MISC",
"url": "https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html"
},
{
"name": "https://vuldb.com/?id.160763",
"refsource": "MISC",
"url": "https://vuldb.com/?id.160763"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2020-36533",
"datePublished": "2022-06-03T19:10:44.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:35:41.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36532 (GCVE-0-2020-36532)
Vulnerability from cvelistv5 – Published: 2022-06-03 19:10 – Updated: 2025-04-15 14:35
VLAI
Title
Klapp App Authorization Credentials information disclosure
Summary
A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The manipulation leads to information disclosure (Credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app.
Severity
4.3 (Medium)
CWE
- CWE-200 - Information Disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.modzero.com/modlog/archives/2020/09/0… | x_refsource_MISC |
| https://vuldb.com/?id.160762 | x_refsource_MISC |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.160762"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36532",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:13:02.528095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:35:51.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "App",
"vendor": "Klapp",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sven Fassbender"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The manipulation leads to information disclosure (Credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-03T19:10:42.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.160762"
}
],
"title": "Klapp App Authorization Credentials information disclosure",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2020-36532",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Klapp App Authorization Credentials information disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "App",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Klapp"
}
]
}
},
"credit": "Sven Fassbender",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The manipulation leads to information disclosure (Credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html",
"refsource": "MISC",
"url": "https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html"
},
{
"name": "https://vuldb.com/?id.160762",
"refsource": "MISC",
"url": "https://vuldb.com/?id.160762"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2020-36532",
"datePublished": "2022-06-03T19:10:42.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:35:51.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}