one-hub ≤ v0.14.27 Authentication Bypass by Primary Weaknessthông tin

tiêu đề	https://github.com/MartialBE https://github.com/MartialBE/one-hub ≤ v0.14.27 Authentication Bypass by Primary Weakness
Mô tả	Because the one-hub system uses Docker's one-click deployment feature, many operations and maintenance personnel directly use the default open-source session key. This allows attackers to easily forge JWTs and gain important system administrator privileges, including but not limited to obtaining sensitive data, adding and deleting users, and accessing OSS cloud keys. This poses a significant threat.
Nguồn	⚠️ https://github.com/MartialBE/one-hub/issues/872
Người dùng	28Hus (UID 92415)
Đệ trình	09/12/2025 15:05 (cách đây 4 các tháng)
Kiểm duyệt	13/12/2025 10:15 (4 days later)
Trạng thái	được chấp nhận
Mục VulDB	336384 [MartialBE one-hub đến 0.14.27 docker-compose.yml SESSION_SECRET mã hóa yếu]
điểm	19

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!