one-hub ≤ v0.14.27 Authentication Bypass by Primary Weaknessinformación

Título	https://github.com/MartialBE https://github.com/MartialBE/one-hub ≤ v0.14.27 Authentication Bypass by Primary Weakness
Descripción	Because the one-hub system uses Docker's one-click deployment feature, many operations and maintenance personnel directly use the default open-source session key. This allows attackers to easily forge JWTs and gain important system administrator privileges, including but not limited to obtaining sensitive data, adding and deleting users, and accessing OSS cloud keys. This poses a significant threat.
Fuente	⚠️ https://github.com/MartialBE/one-hub/issues/872
Usuario	28Hus (UID 92415)
Sumisión	2025-12-09 15:05 (hace 5 meses)
Moderación	2025-12-13 10:15 (4 days later)
Estado	Aceptado
Entrada de VulDB	336384 [MartialBE one-hub hasta 0.14.27 docker-compose.yml SESSION_SECRET cifrado débil]
Puntos	19

Do you want to use VulDB in your project?

Use the official API to access entries easily!