Submit #710249: https://github.com/MartialBE https://github.com/MartialBE/one-hub ≤ v0.14.27 Authentication Bypass by Primary Weakness

Title: https://github.com/MartialBE https://github.com/MartialBE/one-hub ≤ v0.14.27 Authentication Bypass by Primary Weakness
Description: Because the one-hub system uses Docker's one-click deployment feature, many operations and maintenance personnel directly use the default open-source session key. This allows attackers to easily forge JWTs and gain important system administrator privileges, including but not limited to obtaining sensitive data, adding and deleting users, and accessing OSS cloud keys. This poses a significant threat.
Source: https://github.com/MartialBE/one-hub/issues/872
User: 28Hus (UID 92415)
Submission: 09/12/2025 15:05 (5 months ago)
Moderation: 13/12/2025 10:15 (4 days later)
Status: Accepted
VulDB entry: 336384 [MartialBE one-hub up to 0.14.27 docker-compose.yml SESSION_SECRET weak encryption]
Points: 19
