CVE-2024-13111
Published: 02 January 2025
Summary
CVE-2024-13111 is a medium-severity Improper Authentication (CWE-287) vulnerability in Kaoshifeng Yunfan Learning Examination System. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE sits at the 47.6th percentile for exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a publicly referenced proof-of-concept.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-23 (Session Authenticity).
Deeper analysis
CVE-2024-13111 is an improper authentication vulnerability (CWE-287) in Beijing Yunfan Internet Technology Yunfan Learning Examination System version 1.9.2; the source advisory labels it "critical", but its CVSS rating is Medium. The issue resides in an unknown function of the JWT Token Handler component, in the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl. The CVSS v3.1 vector AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L yields a base score of 5.6 (Medium); the 6.3 quoted in the Summary comes from a different scorer's vector for the same CVE, and both ratings fall in the Medium band. The CVE was published on 2025-01-02.
An unauthenticated remote attacker (PR:N, UI:N) can exploit the flaw by manipulating the token handling so that authentication is bypassed; the sources do not say which input is manipulated. Attack complexity is high and exploitation is considered difficult, but the attack is launched over the network and a successful attack has low impact on confidentiality, integrity, and availability.
Advisories and details are available via VulDB entries (ctiid.289927, id.289927, submit.467701) and GitHub issues in the qiutiandefeng/yfexam-exam repository (issues/6 and issue comment #2754680012), where the exploit has been publicly disclosed and may be used. No specific patch or mitigation details are outlined in the primary sources.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-51352
Vulnerability details
A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the component JWT Token Handler. The manipulation leads to improper authentication. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
An improper authentication flaw in the JWT handler of a public-facing web application is reachable over the network without credentials, so exploitation maps directly to T1190: the attacker abuses the exposed application to obtain unauthorized access.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): requires identifying, reporting and promptly correcting software flaws such as this improper authentication bug in the JWT Token Handler; in practice, move off version 1.9.2 once the vendor publishes a fix (the primary sources reference none).
- IA-5 (Authenticator Management): mandates management, verification and strength requirements for authenticators such as JWT tokens (adequate signing-key strength, bounded token lifetime, protection of the key) so that a forged or replayed token is not accepted as proof of identity.
- SC-23 (Session Authenticity): enforces cryptographic protection, binding and authenticity verification of session identifiers such as JWT tokens, which means validating the signature, algorithm and claims on every request rather than trusting the token's contents.
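The following is an added example, not code from the Yunfan Learning Examination System or from the page's sources: it contrasts a JWT handler that trusts an unverified token (the CWE-287 class the Deeper analysis describes) with one that applies the IA-5/SC-23 checks listed above. The actual manipulation in SysUserControl is not described by the page, so this block goes beyond it by showing three generic bypasses of an unverified handler (an alg=none token, a tampered payload under a valid signature, and an expired token). The key, claims and helper names are constructed for the demonstration.

```python
"""Added example (not the project's code): unverified vs verified JWT handling.
Uses only the standard library; HS256 is implemented by hand so the checks are visible.
All secrets, claims and helper names below are constructed for the demo."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed server-side signing key (assumption: the real app's key is unknown).
SECRET = b"server-side-secret-constructed-for-demo"


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a properly signed HS256 token (what a correct issuer does)."""
    header = _b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def forge_token(claims: dict) -> str:
    """Attacker side: arbitrary claims with alg=none and an empty signature."""
    header = _b64url_encode(b'{"alg":"none","typ":"JWT"}')
    body = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{body}."


def vulnerable_user_from_token(token: str) -> dict:
    """Improper authentication (CWE-287): the payload is decoded and trusted.
    The signature, algorithm and expiry are never checked, so any client
    can mint a token naming any user and role."""
    _, body, _ = token.split(".")
    return json.loads(_b64url_decode(body))


def verified_user_from_token(token: str, key: bytes, now: Optional[float] = None) -> dict:
    """Hardened handler: pin the algorithm, verify the HMAC in constant time,
    and enforce the exp claim before any identity is trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # rejects 'none' and algorithm confusion
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired or missing exp")
    return claims


def demo(now: float = 1_700_000_000) -> dict:
    """Run each token through both handlers and report what was accepted."""
    good = sign_hs256({"sub": "student42", "role": "user", "exp": 2_000_000_000}, SECRET)
    forged = forge_token({"sub": "student42", "role": "admin", "exp": 2_000_000_000})
    # Tampered: valid signature from `good`, but the payload is swapped for admin claims.
    h, _, s = good.split(".")
    admin_body = _b64url_encode(b'{"sub":"student42","role":"admin","exp":2000000000}')
    tampered = f"{h}.{admin_body}.{s}"
    expired = sign_hs256({"sub": "student42", "role": "user", "exp": 1_000}, SECRET)

    def rejected(tok: str) -> bool:
        try:
            verified_user_from_token(tok, SECRET, now=now)
            return False
        except ValueError:
            return True

    return {
        "vulnerable_accepts_forged": vulnerable_user_from_token(forged)["role"] == "admin",
        "vulnerable_accepts_tampered": vulnerable_user_from_token(tampered)["role"] == "admin",
        "hardened_accepts_good": verified_user_from_token(good, SECRET, now=now)["role"] == "user",
        "hardened_rejects_forged": rejected(forged),
        "hardened_rejects_tampered": rejected(tampered),
        "hardened_rejects_expired": rejected(expired),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The hardened path is the shape SC-23 asks for: nothing in the token is believed until the algorithm is pinned and the signature verifies, and IA-5's lifetime requirement is enforced through exp. Real deployments should also bind the token to an issuer and audience and keep the signing key out of source control; those steps are omitted here to keep the contrast with the unverified handler visible.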