CVE-2023-22495
CRITICAL
maif izanami < 1.11.0 - Authentication Bypass via Hardcoded JWT Secret
Title source: llm
Description
Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when it is deployed using the official Docker image. Because a hard-coded secret is used to sign the authentication token (JWT), an attacker could compromise another instance of Izanami. This issue has been patched in version 1.11.0.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/MAIF/izanami/security/advisories/GHSA-9r7j-m337-792c
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/MAIF/izanami/releases/tag/v1.11.0
Scores
CVSS v3: 9.8
EPSS: 0.0115
EPSS Percentile: 62.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-288, CWE-798
Status: published
Products (1)
maif/izanami: < 1.11.0
Published: Jan 14, 2023
Tracked Since: Feb 18, 2026