| Title | mariazevedo88 travels-java-api <=travels-java-api5.0.1 arbitrary user impersonation |
|---|---|
| Description | Hardcoding the JWT secret key can lead to arbitrary users spoofing tokens. Since the travels-java-api is an open-source project, others can easily obtain the JWT secret key of travels-java-api. This allows them to use the JWT secret key to generate arbitrary JWT tokens and gain access to any user's permissions. |
| Source | https://github.com/mariazevedo88/travels-java-api/issues/23 |
| User | susu199 (UID 76394) |
| Submission | 10/29/2024 08:43 (1 Year ago) |
| Moderation | 11/06/2024 11:32 (8 days later) |
| Status | Accepted |
| VulDB entry | 283316 [mariazevedo88 travels-java-api up to 5.0.1 JWT Secret JwtAuthenticationTokenFilter.java doFilterInternal hard-coded key] |
| Points | 18 |