one-hub ≤ v0.14.27 Authentication Bypass by Primary Weaknessinformation

Titre	https://github.com/MartialBE https://github.com/MartialBE/one-hub ≤ v0.14.27 Authentication Bypass by Primary Weakness
Description	Because the one-hub system uses Docker's one-click deployment feature, many operations and maintenance personnel directly use the default open-source session key. This allows attackers to easily forge JWTs and gain important system administrator privileges, including but not limited to obtaining sensitive data, adding and deleting users, and accessing OSS cloud keys. This poses a significant threat.
La source	⚠️ https://github.com/MartialBE/one-hub/issues/872
Utilisateur	28Hus (UID 92415)
Soumission	09/12/2025 15:05 (il y a 4 mois)
Modérer	13/12/2025 10:15 (4 days later)
Statut	Accepté
Entrée VulDB	336384 [MartialBE one-hub jusqu’à 0.14.27 docker-compose.yml SESSION_SECRET chiffrement faible]
Points	19

Want to know what is going to be exploited?

We predict KEV entries!