CVE-2023-31579

CVSS v3.1 9.8 (Critical)

EPSS 0.09 % (40^th)

Affected Products 1

Advisories 1

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token.

Weaknesses

CWE-798: Use of Hard-coded Credentials

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2023-11-02 22:15:08
(10 months ago)
Updated Date: 2023-11-09 21:17:52
(10 months ago)

Affected Products

Tangyh

Lamp-cloud

Configuration #1

		CPE23	From	Up To
	Tangyh Lamp-cloud prior 3.8.1 version	cpe:2.3:a:tangyh:lamp-cloud		< 3.8.1