Submit #603726: https://github.com/mao888 https://github.com/mao888/bluebell-plus v2.3.0 Authorization Bypass

Information

Title: https://github.com/mao888 https://github.com/mao888/bluebell-plus v2.3.0 Authorization Bypass
Description: The JWT secret key is hardcoded in the source code, making it easy for an attacker to forge valid JWT tokens and bypass authentication mechanisms. You can easily forge a valid Token and create any posts or comments with it. Details can be found in https://github.com/mao888/bluebell-plus/issues/35.
Source: ⚠️ https://github.com/mao888/bluebell-plus/issues/35
User: Tritium (UID 50779)
Submission: 25.06.2025 11:37 (10 months ago)
Moderation: 05.07.2025 14:45 (10 days later)
Status: Accepted
VulDB entry: 314993 [mao888 bluebell-plus up to 2.3.0 JWT Token jwt.go mySecret weak authentication]
Points: 18
