{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2024-58134","title":"Title"},{"category":"description","text":"Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default.\n\nThese predictable default secrets can be exploited by an attacker to forge session cookies.   An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2024-58134","url":"https://www.suse.com/security/cve/CVE-2024-58134"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1242840 for CVE-2024-58134","url":"https://bugzilla.suse.com/1242840"}],"title":"SUSE CVE CVE-2024-58134","tracking":{"current_release_date":"2025-12-19T00:53:40Z","generator":{"date":"2025-05-08T11:50:03Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2024-58134","initial_release_date":"2025-05-08T11:50:03Z","revision_history":[{"date":"2025-05-08T11:50:03Z","number":"2","summary":"Current version"},{"date":"2025-05-13T03:40:18Z","number":"3","summary":"Current version"},{"date":"2025-10-21T23:34:02Z","number":"4","summary":"Current version"},{"date":"2025-12-17T00:54:23Z","number":"5","summary":"description changed"},{"date":"2025-12-19T00:53:40Z","number":"6","summary":"description changed"}],"status":"interim","version":"6"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Module for Package Hub 15 SP7","product":{"name":"SUSE Linux Enterprise Module for Package Hub 15 SP7","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:packagehub:15:sp7"}}},{"category":"product_version","name":"perl-Mojolicious","product":{"name":"perl-Mojolicious","product_id":"perl-Mojolicious","product_identification_helper":{"purl":"pkg:rpm/suse/perl-Mojolicious@?upstream=perl-Mojolicious.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"perl-Mojolicious as component of SUSE Linux Enterprise Module for Package Hub 15 SP7","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP7:perl-Mojolicious"},"product_reference":"perl-Mojolicious","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP7"}]},"vulnerabilities":[{"cve":"CVE-2024-58134","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-58134"}],"notes":[{"category":"general","text":"Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default.\n\nThese predictable default secrets can be exploited by an attacker to forge session cookies.   An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.","title":"CVE description"}],"product_status":{"known_affected":["SUSE Linux Enterprise Module for Package Hub 15 SP7:perl-Mojolicious"]},"references":[{"category":"external","summary":"CVE-2024-58134","url":"https://www.suse.com/security/cve/CVE-2024-58134"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1242840 for CVE-2024-58134","url":"https://bugzilla.suse.com/1242840"}],"threats":[{"category":"impact","date":"2025-05-03T18:00:04Z","details":"important"}],"title":"CVE-2024-58134"}]}