PyPI package
freetakserver
pkg:pypi/freetakserver
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-25510 | — | | | < 1.9.8.5 | 1.9.8.5 | Mar 10, 2022 | FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges. |
| CVE-2022-25508 | — | | | < 1.9.8.5 | 1.9.8.5 | Mar 10, 2022 | An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users. |