| 제목 | https://github.com/MartialBE https://github.com/MartialBE/one-hub ≤ v0.14.27 Authentication Bypass by Primary Weakness |
|---|
| 설명 | Because the one-hub system uses Docker's one-click deployment feature, many operations and maintenance personnel directly use the default open-source session key. This allows attackers to easily forge JWTs and gain important system administrator privileges, including but not limited to obtaining sensitive data, adding and deleting users, and accessing OSS cloud keys. This poses a significant threat. |
|---|
| 원천 | ⚠️ https://github.com/MartialBE/one-hub/issues/872 |
|---|
| 사용자 | 28Hus (UID 92415) |
|---|
| 제출 | 2025. 12. 09. PM 03:05 (4 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 13. AM 10:15 (4 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 336384 [MartialBE one-hub 까지 0.14.27 docker-compose.yml SESSION_SECRET 약한 암호화] |
|---|
| 포인트들 | 19 |
|---|