Submit #692205: https://github.com/nocobase https://github.com/nocobase/nocobase Latest Authorization Bypassinfo

Titelhttps://github.com/nocobase https://github.com/nocobase/nocobase Latest Authorization Bypass
BeschreibungBecause the nocobase system uses Docker's one-click deployment feature, many operations and maintenance personnel directly use the default open-source JWT key. This allows attackers to easily forge JWTs and gain important system administrator privileges, including but not limited to obtaining sensitive data, adding and deleting users, and accessing OSS cloud keys. This poses a significant threat.
Quelle⚠️ https://gist.github.com/H2u8s/f3ede60d7ecfe598ae452aa5a8fbb90d
Benutzer
 28Hus (UID 92415)
Einreichung10.11.2025 16:26 (vor 7 Monaten)
Moderieren02.12.2025 10:45 (22 days later)
StatusAkzeptiert
VulDB Eintrag334033 [nocobase bis 1.9.4/2.0.0-alpha.37 JWT Service jwt-service.ts API_KEY schwache Verschlüsselung]
Punkte19

ZurückÜbersichtWeiter

Might our Artificial Intelligence support you?

Check our Alexa App!