CVE-2024-34706P2CRITICALCVSS 9.8fixed in 10.8.4·v>= 11.0.0, < 11.1.6+1 more2024-05-14
CVE-2024-34706 [CRITICAL] CWE-532 CVE-2024-34706: Valtimo is an open source business process and case management platform. When opening a form in Valt
Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token (JWT) of the user is exposed to `api.form.io` via the the `x-jwt-token` header. An attacker can retrieve personal information from this token, or use it to execute requests to the Valtimo REST API on behalf of the logged-in use
nvd