Soumettre #603726: https://github.com/mao888 https://github.com/mao888/bluebell-plus v2.3.0 Authorization Bypassinformation

Titrehttps://github.com/mao888 https://github.com/mao888/bluebell-plus v2.3.0 Authorization Bypass
DescriptionThe JWT secret key is hardcoded in the source code, making it easy for an attacker to forge valid JWT tokens and bypass authentication mechanisms.You can easily forge a valid Token and create any posts or comments with it. Details can be found in https://github.com/mao888/bluebell-plus/issues/35.
La source⚠️ https://github.com/mao888/bluebell-plus/issues/35
Utilisateur
 Tritium (UID 50779)
Soumission25/06/2025 11:37 (il y a 10 mois)
Modérer05/07/2025 14:45 (10 days later)
StatutAccepté
Entrée VulDB314993 [mao888 bluebell-plus jusqu’à 2.3.0 JWT Token jwt.go mySecret authentification faible]
Points18

PrécédentAperçuSuivant

Want to know what is going to be exploited?

We predict KEV entries!