CVE-2024-13028

A vulnerability, which was classified as problematic, has been found in Antabot White-Jotter up to 0.2.2. This issue affects some unknown processing of the file /login. The manipulation of the argument username leads to observable response discrepancy. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

CVSS v3 3.7 LOW
CVSS v2.0 2.6 LOW

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/cydtseng/Vulnerability-Research/blob/main/white-jotter/ObservableDiscrepancy-UserLogin.md	Exploit Mitigation Third Party Advisory
https://vuldb.com/?ctiid.289721	Permissions Required VDB Entry
https://vuldb.com/?id.289721	Third Party Advisory VDB Entry
https://vuldb.com/?submit.465924	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:antabot:white-jotter:*:*:*:*:*:*:*:*

History

21 Aug 2025, 17:37

Type	Values Removed	Values Added
Summary		(es) Se ha encontrado una vulnerabilidad clasificada como problemática en Antabot White-Jotter hasta la versión 0.2.2. Este problema afecta a algunos procesos desconocidos del archivo /login. La manipulación del argumento username provoca una discrepancia observable en la respuesta. El ataque puede iniciarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que su explotación es difícil. El exploit se ha hecho público y puede utilizarse.
References	~~() https://github.com/cydtseng/Vulnerability-Research/blob/main/white-jotter/ObservableDiscrepancy-UserLogin.md -~~	() https://github.com/cydtseng/Vulnerability-Research/blob/main/white-jotter/ObservableDiscrepancy-UserLogin.md - Exploit, Mitigation, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.289721 -~~	() https://vuldb.com/?ctiid.289721 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.289721 -~~	() https://vuldb.com/?id.289721 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.465924 -~~	() https://vuldb.com/?submit.465924 - Third Party Advisory, VDB Entry
First Time		Antabot Antabot white-jotter
CPE		cpe:2.3:a:antabot:white-jotter::::::::

29 Dec 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-29 23:15

Updated : 2025-08-21 17:37

NVD link : CVE-2024-13028

Mitre link : CVE-2024-13028

CVE.ORG link : CVE-2024-13028

JSON object : View

Products Affected

antabot

white-jotter

CWE

CWE-203

Observable Discrepancy

CWE-204

Observable Response Discrepancy

3.7 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6 /10

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2024-13028

3.7^/10

2.6^/10

Attach tags to `CVE-2024-13028`