| 标题 | https://github.com/mao888 https://github.com/mao888/bluebell-plus v2.3.0 Authorization Bypass |
|---|
| 描述 | The JWT secret key is hardcoded in the source code, making it easy for an attacker to forge valid JWT tokens and bypass authentication mechanisms.You can easily forge a valid Token and create any posts or comments with it.
Details can be found in https://github.com/mao888/bluebell-plus/issues/35. |
|---|
| 来源 | ⚠️ https://github.com/mao888/bluebell-plus/issues/35 |
|---|
| 用户 | Tritium (UID 50779) |
|---|
| 提交 | 2025-06-25 11時37分 (10 月前) |
|---|
| 管理 | 2025-07-05 14時45分 (10 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 314993 [mao888 bluebell-plus 直到 2.3.0 JWT Token jwt.go mySecret 弱身份验证] |
|---|
| 积分 | 18 |
|---|