{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2020-36569","assignerOrgId":"1bb62c36-49e3-4200-9d77-64a1400537cc","state":"PUBLISHED","assignerShortName":"Go","dateReserved":"2022-07-29T19:15:54.024Z","datePublished":"2022-12-27T21:12:58.427Z","dateUpdated":"2025-04-11T23:03:20.527Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bb62c36-49e3-4200-9d77-64a1400537cc","shortName":"Go","dateUpdated":"2023-06-12T19:03:21.447Z"},"title":"Authentication bypass in github.com/nanobox-io/golang-nanoauth","descriptions":[{"lang":"en","value":"Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token."}],"affected":[{"vendor":"github.com/nanobox-io/golang-nanoauth","product":"github.com/nanobox-io/golang-nanoauth","collectionURL":"https://pkg.go.dev","packageName":"github.com/nanobox-io/golang-nanoauth","versions":[{"version":"0.0.0-20160722212129-ac0cc4484ad4","lessThan":"0.0.0-20200131131040-063a3fb69896","status":"affected","versionType":"semver"}],"programRoutines":[{"name":"Auth.ServeHTTP"},{"name":"Auth.ListenAndServeTLS"},{"name":"Auth.ListenAndServe"},{"name":"ListenAndServe"},{"name":"ListenAndServeTLS"}],"defaultStatus":"unaffected"}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-305: Authentication Bypass by Primary Weakness"}]}],"references":[{"url":"https://github.com/nanobox-io/golang-nanoauth/pull/5"},{"url":"https://github.com/nanobox-io/golang-nanoauth/commit/063a3fb69896acf985759f0fe3851f15973993f3"},{"url":"https://pkg.go.dev/vuln/GO-2020-0004"}],"credits":[{"lang":"en","value":"@bouk"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T17:30:08.318Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/nanobox-io/golang-nanoauth/pull/5","tags":["x_transferred"]},{"url":"https://github.com/nanobox-io/golang-nanoauth/commit/063a3fb69896acf985759f0fe3851f15973993f3","tags":["x_transferred"]},{"url":"https://pkg.go.dev/vuln/GO-2020-0004","tags":["x_transferred"]}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.1,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-11T23:02:56.976522Z","id":"CVE-2020-36569","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-11T23:03:20.527Z"}}]}}