Submit #603726: https://github.com/mao888 https://github.com/mao888/bluebell-plus v2.3.0 Authorization Bypass

Title: https://github.com/mao888 https://github.com/mao888/bluebell-plus v2.3.0 Authorization Bypass
Description: The JWT secret key is hardcoded in the source code, making it easy for an attacker to forge valid JWT tokens and bypass authentication mechanisms. You can easily forge a valid Token and create any posts or comments with it. Details can be found in https://github.com/mao888/bluebell-plus/issues/35.
Source: ⚠️ https://github.com/mao888/bluebell-plus/issues/35
User: Tritium (UID 50779)
Submission: 2025-06-25 11:37 (10 months ago)
Moderation: 2025-07-05 14:45 (10 days later)
Status: Accepted
VulDB entry: 314993 [mao888 bluebell-plus up to 2.3.0 JWT Token jwt.go mySecret weak authentication]
Points: 18
