Skip to main content

Olivetin CVE-2026-30223

HIGH
Improper Authentication (CWE-287)
2026-03-06 security-advisories@github.com GHSA-g962-2j28-3cg9
8.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
PoC Detected
Mar 12, 2026 - 16:05 vuln.today
Public exploit code
Patch released
Mar 12, 2026 - 16:05 nvd
Patch available
CVE Published
Mar 06, 2026 - 21:16 nvd
HIGH 8.8

DescriptionGitHub Advisory

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" (local RSA public key) or "authJwtHmacSecret" (HMAC secret), the configured audience value (authJwtAud) is not enforced during token parsing. As a result, validly signed JWT tokens with an incorrect aud claim are accepted for authentication. This allows authentication using tokens intended for a different audience/service. This issue has been patched in version 3000.11.1.

AnalysisAI

OliveTin gives access to predefined shell commands from a web interface. [CVSS 8.8 HIGH]

Technical ContextAI

Classified as CWE-287 (Improper Authentication). Affects Olivetin. OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" (local RSA public key) or "authJwtHmacSecret" (HMAC secret), the configured audience value (authJwtAud) is not enforced during token parsing. As a result, validly signed JWT tokens with an incorrect aud claim are accepted for authentication. This allows authentication using tokens intended for a different audience/service. Thi

RemediationAI

A vendor patch is available — apply it immediately. Fixed in version 3000.11.1.. Restrict network access to the affected service where possible.

CVE-2026-27626 CRITICAL POC
9.9 Feb 25

OS command injection in OliveTin web shell interface through version 3000.10.0. OliveTin provides web-based access to pr

CVE-2026-31817 HIGH POC
8.5 Mar 10

Arbitrary file write in OliveTin prior to 3000.11.2 allows authenticated attackers to write files to arbitrary filesyste

CVE-2026-28342 HIGH POC
7.5 Mar 05

OliveTin versions prior to 3000.10.2 are vulnerable to unauthenticated denial of service through the PasswordHash API en

CVE-2026-28789 HIGH POC
7.5 Mar 05

OliveTin versions prior to 3000.10.3 are vulnerable to unauthenticated denial-of-service attacks when OAuth2 authenticat

CVE-2026-28790 HIGH POC
7.5 Mar 05

OliveTin versions prior to 3000.11.0 suffer from broken access control allowing unauthenticated users to invoke the Kill

CVE-2025-50946 MEDIUM POC
6.5 Aug 13

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/a

CVE-2026-30233 MEDIUM POC
6.5 Mar 06

OliveTin prior to version 3000.11.1 fails to enforce view permission checks on dashboard and API endpoints, allowing aut

CVE-2026-30224 MEDIUM POC
5.4 Mar 06

OliveTin prior to version 3000.11.1 fails to invalidate server-side sessions upon user logout, allowing attackers with a

CVE-2026-30225 MEDIUM POC
5.3 Mar 06

OliveTin versions prior to 3000.11.1 contain an authentication bypass in RestartAction that allows authenticated users t

CVE-2026-48708 HIGH POC
7.5 Jun 15

Concurrent action execution in OliveTin versions 3000.0.0 and prior triggers a race condition in a shared text/template.

CVE-2026-32102 MEDIUM
6.5 Mar 11

### Summary OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subs

CVE-2026-48709 LOW POC
3.7 Jun 15

OliveTin's ValidateArgumentType RPC endpoint exposes action binding IDs and argument configurations to unauthenticated n

Vendor StatusVendor

SUSE

Severity: High

Share

CVE-2026-30223 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy