CVE-2020-36911
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cobbr | Covenant | 0.1.3 <= 0.5 | affected |
Weaknesses
- CWE-798: Use of Hard-coded Credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
Additional References
- https://github.com/Zeop-CyberSec/covenant_rce/blob/master/covenant_jwt_rce.rb
- https://web.archive.org/web/20201101052547/https://blog.null.farm/hunting-the-hunters
References
- https://www.exploit-db.com/exploits/51141
- https://cobbr.io/Covenant.html
- https://github.com/cobbr/Covenant
- https://web.archive.org/web/20201101052547/https://blog.null.farm/hunting-the-hunters
- https://github.com/Zeop-CyberSec/covenant_rce/blob/master/covenant_jwt_rce.rb
- https://web.archive.org/web/20201013165001/https://twitter.com/cobbr_io/status/1316058367161401344
- https://www.vulncheck.com/advisories/covenant-remote-code-execution-rce
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.