| Title | https://github.com/MartialBE https://github.com/MartialBE/one-hub ≤ v0.14.27 Authentication Bypass by Primary Weakness |
|---|---|
| Description | Because the one-hub system uses Docker's one-click deployment feature, many operations and maintenance personnel directly use the default open-source session key. This allows attackers to easily forge JWTs and gain important system administrator privileges, including but not limited to obtaining sensitive data, adding and deleting users, and accessing OSS cloud keys. This poses a significant threat. |
| Source | https://github.com/MartialBE/one-hub/issues/872 |
| User | 28Hus (UID 92415) |
| Submission | 2025-12-09 15:05 (5 months ago) |
| Moderation | 2025-12-13 10:15 (4 days later) |
| Status | Accepted |
| VulDB entry | 336384 [MartialBE one-hub up to 0.14.27 docker-compose.yml SESSION_SECRET weak encryption] |
| Points | 19 |