Submit #603726: https://github.com/mao888 https://github.com/mao888/bluebell-plus v2.3.0 Authorization Bypass

Title: https://github.com/mao888 https://github.com/mao888/bluebell-plus v2.3.0 Authorization Bypass
Description: The JWT secret key is hardcoded in the source code, making it easy for an attacker to forge valid JWT tokens and bypass authentication mechanisms. You can easily forge a valid Token and create any posts or comments with it. Details can be found in https://github.com/mao888/bluebell-plus/issues/35.
Source: https://github.com/mao888/bluebell-plus/issues/35
User: Tritium (UID 50779)
Submission: 25.06.2025 11:37 (10 months ago)
Moderation: 05.07.2025 14:45 (10 days later)
Status: Accepted
VulDB entry: 314993 [mao888 bluebell-plus up to 2.3.0 JWT Token jwt.go mySecret weak authentication]
Points: 18
