CVE-2020-36569

Summary

Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.

Affected Software

VendorProductVersion RangeStatus
github.com/nanobox-io/golang-nanoauthgithub.com/nanobox-io/golang-nanoauth0.0.0-20160722212129-ac0cc4484ad4 < 0.0.0-20200131131040-063a3fb69896affected

Weaknesses

  • CWE-305: Authentication Bypass by Primary Weakness

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References