Rowboat
Monthly
Improper authentication in rowboatlabs rowboat (versions up to 0.1.67) allows remote unauthenticated attackers to bypass authentication by manipulating the X-Tools-JWE header in the tools_webhook component. The vulnerability enables unauthorized access with low confidentiality, integrity, and availability impact. A public exploit exists (CVSS E:P). The vendor did not respond to early disclosure attempts. EPSS data unavailable; not listed in CISA KEV, suggesting limited widespread exploitation despite public POC.
Improper authentication in rowboatlabs rowboat (versions up to 0.1.67) allows remote unauthenticated attackers to bypass authentication by manipulating the X-Tools-JWE header in the tools_webhook component. The vulnerability enables unauthorized access with low confidentiality, integrity, and availability impact. A public exploit exists (CVSS E:P). The vendor did not respond to early disclosure attempts. EPSS data unavailable; not listed in CISA KEV, suggesting limited widespread exploitation despite public POC.