| عنوان | https://github.com/MartialBE https://github.com/MartialBE/one-hub ≤ v0.14.27 Authentication Bypass by Primary Weakness |
|---|
| الوصف | Because the one-hub system uses Docker's one-click deployment feature, many operations and maintenance personnel directly use the default open-source session key. This allows attackers to easily forge JWTs and gain important system administrator privileges, including but not limited to obtaining sensitive data, adding and deleting users, and accessing OSS cloud keys. This poses a significant threat. |
|---|
| المصدر | ⚠️ https://github.com/MartialBE/one-hub/issues/872 |
|---|
| المستخدم | 28Hus (UID 92415) |
|---|
| ارسال | 09/12/2025 03:05 PM (5 أشهر منذ) |
|---|
| الاعتدال | 13/12/2025 10:15 AM (4 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 336384 [MartialBE one-hub حتى 0.14.27 docker-compose.yml SESSION_SECRET تشفير ضعيف] |
|---|
| النقاط | 19 |
|---|