CVE-2020-36911

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://cobbr.io/Covenant.html
https://github.com/Zeop-CyberSec/covenant_rce/blob/master/covenant_jwt_rce.rb
https://github.com/cobbr/Covenant
https://web.archive.org/web/20201013165001/https://twitter.com/cobbr_io/status/1316058367161401344
https://web.archive.org/web/20201101052547/https://blog.null.farm/hunting-the-hunters
https://www.exploit-db.com/exploits/51141
https://www.vulncheck.com/advisories/covenant-remote-code-execution-rce