Primary

Context

HCL DevOps Loop Improper Authentication Vulnerability Allowing Token Misuse

Vulnerability

A vulnerability exists in HCL DevOps Loop version 1.0.2 due to improper authentication in the API authentication middleware. This flaw allows authentication tokens to be accepted without adequate validation of their expiration and cryptographic signature. Consequently, an attacker could exploit this issue by using expired or tampered tokens to gain unauthorized access to sensitive resources and perform actions with elevated privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive resources and the ability to perform actions with elevated privileges.

Remediation

Users are advised to upgrade to HCL DevOps Loop version 1.0.3.

Added: Nov 5, 2025, 11:17 PM

Updated: Nov 5, 2025, 11:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HCL DevOps Loop Improper Authentication Vulnerability Allowing Token Misuse

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating