CVE-2023-31579

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token.
References
Link Resource
https://github.com/dromara/lamp-cloud/issues/183 Issue Tracking Patch Vendor Advisory
https://github.com/xubowenW/JWTissues/blob/main/lamp%20issue.md Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:tangyh:lamp-cloud:*:*:*:*:*:*:*:*

History

09 Nov 2023, 21:17

Type Values Removed Values Added
CPE cpe:2.3:a:tangyh:lamp-cloud:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-798
References (MISC) https://github.com/dromara/lamp-cloud/issues/183 - (MISC) https://github.com/dromara/lamp-cloud/issues/183 - Issue Tracking, Patch, Vendor Advisory
References (MISC) https://github.com/xubowenW/JWTissues/blob/main/lamp%20issue.md - (MISC) https://github.com/xubowenW/JWTissues/blob/main/lamp%20issue.md - Third Party Advisory
First Time Tangyh
Tangyh lamp-cloud

02 Nov 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-02 22:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-31579

Mitre link : CVE-2023-31579

CVE.ORG link : CVE-2023-31579


JSON object : View

Products Affected

tangyh

  • lamp-cloud
CWE
CWE-798

Use of Hard-coded Credentials