Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token.
References
Link | Resource |
---|---|
https://github.com/dromara/lamp-cloud/issues/183 | Issue Tracking Patch Vendor Advisory |
https://github.com/xubowenW/JWTissues/blob/main/lamp%20issue.md | Third Party Advisory |
Configurations
History
09 Nov 2023, 21:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:tangyh:lamp-cloud:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-798 | |
References | (MISC) https://github.com/dromara/lamp-cloud/issues/183 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://github.com/xubowenW/JWTissues/blob/main/lamp%20issue.md - Third Party Advisory | |
First Time |
Tangyh
Tangyh lamp-cloud |
02 Nov 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-02 22:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-31579
Mitre link : CVE-2023-31579
CVE.ORG link : CVE-2023-31579
JSON object : View
Products Affected
tangyh
- lamp-cloud
CWE
CWE-798
Use of Hard-coded Credentials