CNNVD-202601-1959 Information
CNNVD ID
CNNVD-202601-1959
Related CVE
- CNNVD Published: 2026-01-13
Description (Chinese)
Covenant是Ryan Cobb个人开发者的一个.NET框架。 Covenant 0.1.3版本至0.5版本存在信任管理问题漏洞,该漏洞源于攻击者可伪造具有管理员权限的恶意JWT令牌,可能导致远程代码执行。
Description (English)
Covenant is a.NET framework for Ryan Cobb’s personal developers. There is a confidence management gap in the Corvent 0.1.3 to 0.5 versions, which stems from the fact that the attackers can forge malicious JWT badges with administrator authority, which may lead to remote code enforcement.
Hazard Level
Low
Vulnerability Type
信任管理问题
Affected Vendor
个人开发者
Published
2026-01-13
Last Modified
2026-02-24
References
https://cobbr.io/Covenant.html https://github.com/Zeop-CyberSec/covenant_rce/blob/master/covenant_jwt_rce.rb https://github.com/cobbr/Covenant https://twitter.com/cobbr_io/status/1316058367161401344 https://web.archive.org/web/20201013165001/ https://blog.null.farm/hunting-the-hunters https://web.archive.org/web/20201101052547/ https://www.exploit-db.com/exploits/51141 https://www.vulncheck.com/advisories/covenant-remote-code-execution-rce
Patch
https://github.com/cobbr/Covenant/tags
Share on: