Submit #692205: https://github.com/nocobase https://github.com/nocobase/nocobase Latest Authorization Bypass

Title: https://github.com/nocobase https://github.com/nocobase/nocobase Latest Authorization Bypass
Description: Because the nocobase system uses Docker's one-click deployment feature, many operations and maintenance personnel directly use the default open-source JWT key. This allows attackers to easily forge JWTs and gain important system administrator privileges, including but not limited to obtaining sensitive data, adding and deleting users, and accessing OSS cloud keys. This poses a significant threat.
Source: ⚠️ https://gist.github.com/H2u8s/f3ede60d7ecfe598ae452aa5a8fbb90d
User: 28Hus (UID 92415)
Submission: 10/11/2025 16:26 (7 months ago)
Moderation: 02/12/2025 10:45 (22 days later)
Status: Accepted
VulDB entry: 334033 [nocobase up to 1.9.4/2.0.0-alpha.37 JWT Service jwt-service.ts API_KEY weak encryption]
Points: 19