| タイトル | https://github.com/nocobase https://github.com/nocobase/nocobase Latest Authorization Bypass |
|---|
| 説明 | Because the nocobase system uses Docker's one-click deployment feature, many operations and maintenance personnel directly use the default open-source JWT key. This allows attackers to easily forge JWTs and gain important system administrator privileges, including but not limited to obtaining sensitive data, adding and deleting users, and accessing OSS cloud keys. This poses a significant threat. |
|---|
| ソース | ⚠️ https://gist.github.com/H2u8s/f3ede60d7ecfe598ae452aa5a8fbb90d |
|---|
| ユーザー | 28Hus (UID 92415) |
|---|
| 送信 | 2025年11月10日 16:26 (7 月 ago) |
|---|
| モデレーション | 2025年12月02日 10:45 (22 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 334033 [nocobase 迄 1.9.4/2.0.0-alpha.37 JWT Service jwt-service.ts API_KEY 弱い暗号化] |
|---|
| ポイント | 19 |
|---|