CVE-2020-36911
Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system.
Vendor
Product
CWE
Published
2026-01-13 23:15:48
Updated
2026-01-29 00:56:25
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-
Categories
References
https://cobbr.io/Covenant.html
https://github.com/Zeop-CyberSec/covenant_rce/blob/master/covenant_jwt_rce.rb
https://github.com/cobbr/Covenant
https://web.archive.org/web/20201013165001/https://twitter.com/cobbr_io/status/1316058367161401344
https://web.archive.org/web/20201101052547/https://blog.null.farm/hunting-the-hunters
https://www.exploit-db.com/exploits/51141
https://www.vulncheck.com/advisories/covenant-remote-code-execution-rce