Submission #692205: https://github.com/nocobase https://github.com/nocobase/nocobase Latest Authorization Bypass

Title: https://github.com/nocobase https://github.com/nocobase/nocobase Latest Authorization Bypass
Description: Because the nocobase system uses Docker's one-click deployment feature, many operations and maintenance personnel directly use the default open-source JWT key. This allows attackers to easily forge JWTs and gain important system administrator privileges, including but not limited to obtaining sensitive data, adding and deleting users, and accessing OSS cloud keys. This poses a significant threat.
Source: ⚠️ https://gist.github.com/H2u8s/f3ede60d7ecfe598ae452aa5a8fbb90d
User: 28Hus (UID 92415)
Submission: 10/11/2025 04:26 PM (7 months ago)
Moderation: 02/12/2025 10:45 AM (22 days later)
Status: Accepted
VulDB entry: 334033 [nocobase up to 1.9.4/2.0.0-alpha.37 JWT Service jwt-service.ts API_KEY weak encryption]
Points: 19
