| Название | https://github.com/nocobase https://github.com/nocobase/nocobase Latest Authorization Bypass |
|---|
| Описание | Because the nocobase system uses Docker's one-click deployment feature, many operations and maintenance personnel directly use the default open-source JWT key. This allows attackers to easily forge JWTs and gain important system administrator privileges, including but not limited to obtaining sensitive data, adding and deleting users, and accessing OSS cloud keys. This poses a significant threat. |
|---|
| Источник | ⚠️ https://gist.github.com/H2u8s/f3ede60d7ecfe598ae452aa5a8fbb90d |
|---|
| Пользователь | 28Hus (UID 92415) |
|---|
| Представление | 10.11.2025 16:26 (7 месяцы назад) |
|---|
| Модерация | 02.12.2025 10:45 (22 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 334033 [nocobase до 1.9.4/2.0.0-alpha.37 JWT Service jwt-service.ts API_KEY слабое шифрование] |
|---|
| Баллы | 19 |
|---|